Changeset 232321 in webkit
- Timestamp:
- May 30, 2018, 5:08:35 PM (7 years ago)
- Location:
- trunk/Source/WebKit
- Files:
-
- 1 added
- 1 deleted
- 7 edited
- 1 moved
trunk/Source/WebKit/ChangeLog
r232316 r232321 1 2018-05-30 Brent Fulgham <bfulgham@apple.com> 2 3 [macOS] WebProcess needs TCC entitlements for media capture (Take 2) 4 https://bugs.webkit.org/show_bug.cgi?id=185526 5 <rdar://problem/36674649> 6 7 Reviewed by Alexey Proskuryakov. 8 9 In Bug 181995 I added TCC entitlements for media capture to the macOS entitlements used for 10 relocatable builds. These changes also need to apply to system builds of WebKit. 11 12 Previously we had not needed an entitlements file for system builds of WebKit, so only provided 13 an entitlements file for our relocatable build targets. Now we need entitlements when building 14 on recent macOS targets using internal SDKs. 15 16 Since these various scenarios are beginning to multiple, this patch dynamically generates the 17 entitlements file. 18 19 This patch does the following: 20 21 1. Changes the "WebContent-OSX.entitlements" to hold the TCC entitlements needed for media capture, and rename 22 to "WebContent-OSX-restricted.entitlements". 23 2. Removes the unneeded "com.apple.private.xpc.domain-extension" from WebContent-OSX.entitlement, and dynamically 24 adds it using a new build step using the script 'process-webcontent-entitlements.sh' 25 3. Updates DebugRelease.xcconfig to use the 'Safari Engineering' signing key for internal builds. 26 4. Updates WebContentService.xcconfig to remove the CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_YES target 27 since we no longer need a custom entitlement file for this case. 28 5. Updates WebContentService.Development.xcconfig to remove CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO since it is no 29 longer needed. 30 6. Deletes the file Configurations/WebContent.Development.entitlements since it is no longer needed. 31 7. Revises the WebContent process sandbox to allow camera and microphone access without needing TCC 32 entitlements, since those cannot be applied without an internal SDK. 33 8. 
Revises the UserMediaProcessManager to not pass dynamic sandbox extensions to the WebContent process 34 when building with the public SDK since those entitlements cannot be added or consumed in Open 35 Source builds. 36 37 We want to use the TCC entitlements when building with the internal SDK on recent macOS builds. 38 39 * Configurations/Base.xcconfig: 40 * Configurations/DebugRelease.xcconfig: 41 * Configurations/WebContent-OSX-restricted.entitlements: Renamed from Source/WebKit/Configurations/WebContent-OSX.entitlements. 42 * Configurations/WebContent.Development.entitlements: Removed. 43 * Configurations/WebContentService.Development.xcconfig: 44 * Configurations/WebContentService.xcconfig: 45 * Scripts/process-webcontent-entitlements.sh: Added. 46 * UIProcess/UserMediaProcessManager.cpp: 47 (WebKit::UserMediaProcessManager::willCreateMediaStream): Don't bother creating and sending sandbox extensions for 48 camera and microphone control for builds that cannot support them. 49 * WebKit.xcodeproj/project.pbxproj: 50 1 51 2018-05-30 Daniel Bates <dabates@apple.com> 2 52 -
trunk/Source/WebKit/Configurations/Base.xcconfig
r232069 r232321 161 161 WK_MACOS_WEAK_FRAMEWORK_cocoatouch = -framework 162 162 WK_MACOS_WEAK_FRAMEWORK_ = -weak_framework 163 164 WK_USE_RESTRICTED_ENTITLEMENTS = $(USE_INTERNAL_SDK); -
trunk/Source/WebKit/Configurations/DebugRelease.xcconfig
r227582 r232321 44 44 SDKROOT_YES = macosx.internal; 45 45 46 CODE_SIGN_IDENTITY[sdk=macosx*] = $(CODE_SIGN_IDENTITY_$(WK_USE_RESTRICTED_ENTITLEMENTS)) 47 CODE_SIGN_IDENTITY_NO = -; 48 CODE_SIGN_IDENTITY_YES = $(WK_ENGINEERING_CODE_SIGN_IDENTITY); 49 46 50 WK_RELOCATABLE_FRAMEWORKS = YES; 47 51 WK_XPC_SERVICE_SUFFIX[sdk=macosx*] = .Development; -
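Review bot: The new `CODE_SIGN_IDENTITY[sdk=macosx*]` setting on line 46 can only resolve to the `_NO` or `_YES` variant, so if `WK_USE_RESTRICTED_ENTITLEMENTS` expands to an empty string the identity becomes the undefined `$(CODE_SIGN_IDENTITY_)` instead of ad-hoc `-`. Base.xcconfig sets that switch to `$(USE_INTERNAL_SDK)` in this same changeset, and the `SDKROOT_YES` context line together with the `WK_MACOS_WEAK_FRAMEWORK_` entry suggests these switches are left empty rather than set to `NO` on public builds, although the definition of `USE_INTERNAL_SDK` is not visible here. I would add `CODE_SIGN_IDENTITY_ = -;` next to the `_NO` line so that an unset switch still signs ad hoc rather than resolving to an empty value. Line 46 also lacks the trailing `;` that the neighbouring settings carry.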
trunk/Source/WebKit/Configurations/WebContent-OSX-restricted.entitlements
r232320 r232321 8 8 <string>kTCCServiceMicrophone</string> 9 9 </array> 10 <key>com.apple.private.xpc.domain-extension</key>11 <true/>12 10 </dict> 13 11 </plist> -
trunk/Source/WebKit/Configurations/WebContentService.Development.xcconfig
r231299 r232321 27 27 SKIP_INSTALL[sdk=macosx*] = $(WK_RELOCATABLE_FRAMEWORKS); 28 28 29 CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO = Configurations/WebContent.Development.entitlements;30 31 29 WK_XPC_SERVICE_VARIANT = Development; -
trunk/Source/WebKit/Configurations/WebContentService.xcconfig
r231299 r232321 1 // Copyright (C) 2012-201 6Apple Inc. All rights reserved.1 // Copyright (C) 2012-2018 Apple Inc. All rights reserved. 2 2 // 3 3 // Redistribution and use in source and binary forms, with or without … … 34 34 35 35 CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO = $(CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT)); 36 CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_YES = Configurations/WebContent-OSX.entitlements;37 36 OTHER_CODE_SIGN_FLAGS = $(WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS); 38 37 -
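Review bot: Line 35 still expands `$(CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT))`, but this section deletes the only `_YES` definition visible, so the YES case now resolves to an empty entitlements path. If that is intended because the entitlements are produced by the new build step, I would either drop the indirection on line 35 or add a comment such as `// Entitlements are generated by Scripts/process-webcontent-entitlements.sh; no static file is selected here.` Other variants of the setting may be defined outside the visible lines.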
trunk/Source/WebKit/UIProcess/UserMediaProcessManager.cpp
r231979 r232321 129 129 bool UserMediaProcessManager::willCreateMediaStream(UserMediaPermissionRequestManagerProxy& proxy, bool withAudio, bool withVideo) 130 130 { 131 #if ENABLE(SANDBOX_EXTENSIONS) 131 #if ENABLE(SANDBOX_EXTENSIONS) && USE(APPLE_INTERNAL_SDK) 132 132 auto& processStartingCapture = proxy.page().process(); 133 133 -
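Review bot: The narrowed guard `#if ENABLE(SANDBOX_EXTENSIONS) && USE(APPLE_INTERNAL_SDK)` at line 131 means public-SDK builds no longer grant camera and microphone access per request from `willCreateMediaStream`, so the WebContent process has to hold that access in its static sandbox profile instead. The ChangeLog describes such a profile revision (item 7), yet no sandbox profile is among the files listed for this changeset, so it is worth confirming where that change lands. I would add a comment above the `#if`, for example `// Public SDK builds cannot add or consume these extensions; capture access comes from the static sandbox profile there.`, so the weaker isolation in those builds is a documented decision. The function body continues outside the hunk, so whether `proxy`, `withAudio` and `withVideo` are marked unused in the other branch cannot be checked from here.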
trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj
r232283 r232321 1322 1322 7AB6EA451EEAAE3800037B2B /* APIIconDatabaseClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 7AB6EA441EEAAE2300037B2B /* APIIconDatabaseClient.h */; }; 1323 1323 7AB6EA471EEAB6B800037B2B /* APIGeolocationProvider.h in Headers */ = {isa = PBXBuildFile; fileRef = 7AB6EA461EEAB6B000037B2B /* APIGeolocationProvider.h */; }; 1324 7ACFAAD920B88D5000C53203 /* process-webcontent-entitlements.sh in Resources */ = {isa = PBXBuildFile; fileRef = 7ACFAAD820B88D4F00C53203 /* process-webcontent-entitlements.sh */; }; 1325 7ACFAADA20B88D5000C53203 /* process-webcontent-entitlements.sh in Resources */ = {isa = PBXBuildFile; fileRef = 7ACFAAD820B88D4F00C53203 /* process-webcontent-entitlements.sh */; }; 1324 1326 7AF236201E79A3E400438A05 /* WebErrors.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7AF2361E1E79A3B400438A05 /* WebErrors.cpp */; }; 1325 1327 7AF236211E79A40800438A05 /* WebErrors.h in Headers */ = {isa = PBXBuildFile; fileRef = 7AF2361F1E79A3D800438A05 /* WebErrors.h */; }; … … 3191 3193 371A193F1824D29300F32A5E /* WKNSDictionary.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WKNSDictionary.mm; sourceTree = "<group>"; }; 3192 3194 371A19401824D29300F32A5E /* WKNSDictionary.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKNSDictionary.h; sourceTree = "<group>"; }; 3193 37209CAB2079D4BA0009E25B /* WebContent.Development.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = WebContent.Development.entitlements; sourceTree = "<group>"; };3194 3195 372CAF091833FD910040AC27 /* WKNSError.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKNSError.h; sourceTree = "<group>"; }; 3195 3196 372CAF0A1833FD910040AC27 /* WKNSError.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WKNSError.mm; sourceTree = "<group>"; }; 
… … 3250 3251 37A709A61E3EA0FD00CA5969 /* WKDataDetectorTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKDataDetectorTypes.h; sourceTree = "<group>"; }; 3251 3252 37A709A81E3EA40C00CA5969 /* WKDataDetectorTypesInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKDataDetectorTypesInternal.h; sourceTree = "<group>"; }; 3252 37B418EB1C9624F20031E63B /* WebContent-OSX .entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "WebContent-OSX.entitlements"; sourceTree = "<group>"; };3253 37B418EB1C9624F20031E63B /* WebContent-OSX-restricted.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = "WebContent-OSX-restricted.entitlements"; sourceTree = "<group>"; }; 3253 3254 37B47E2C1D64DB76005F4EFF /* objcSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = objcSPI.h; sourceTree = "<group>"; }; 3254 3255 37B5045119EEF31300CE2CF8 /* WKErrorPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKErrorPrivate.h; sourceTree = "<group>"; }; … … 3792 3793 7AB6EA441EEAAE2300037B2B /* APIIconDatabaseClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIIconDatabaseClient.h; sourceTree = "<group>"; }; 3793 3794 7AB6EA461EEAB6B000037B2B /* APIGeolocationProvider.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIGeolocationProvider.h; sourceTree = "<group>"; }; 3795 7ACFAAD820B88D4F00C53203 /* process-webcontent-entitlements.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = "process-webcontent-entitlements.sh"; sourceTree = "<group>"; }; 3794 3796 7AF2361E1E79A3B400438A05 /* WebErrors.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = 
sourcecode.cpp.cpp; path = WebErrors.cpp; sourceTree = "<group>"; }; 3795 3797 7AF2361F1E79A3D800438A05 /* WebErrors.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebErrors.h; sourceTree = "<group>"; }; … … 5059 5061 1A4F976E100E7B6600637A18 /* Version.xcconfig */, 5060 5062 7C0BB9A818DCDE890006C086 /* WebContent-iOS.entitlements */, 5061 37B418EB1C9624F20031E63B /* WebContent-OSX.entitlements */, 5062 37209CAB2079D4BA0009E25B /* WebContent.Development.entitlements */, 5063 37B418EB1C9624F20031E63B /* WebContent-OSX-restricted.entitlements */, 5063 5064 372EBB4A2017E76000085064 /* WebContentService.Development.xcconfig */, 5064 5065 BCACC40E16B0B8A800B6E092 /* WebContentService.xcconfig */, … … 8486 8487 0FC08570187CE0A900780D86 /* model.py */, 8487 8488 0FC08571187CE0A900780D86 /* parser.py */, 8489 7ACFAAD820B88D4F00C53203 /* process-webcontent-entitlements.sh */, 8488 8490 ); 8489 8491 path = Scripts; … … 9848 9850 buildConfigurationList = 372EBB422017E64300085064 /* Build configuration list for PBXNativeTarget "WebContent.Development" */; 9849 9851 buildPhases = ( 9852 7A35F25120BDB80C003958EC /* Remove stale entitlement file */, 9850 9853 372EBB3B2017E64300085064 /* Sources */, 9851 9854 372EBB3D2017E64300085064 /* Frameworks */, 9852 9855 372EBB402017E64300085064 /* Resources */, 9856 7A35F24F20BDAF8B003958EC /* Unlock keychain */, 9857 7AFCBD5520B8917D00F55C9C /* Process WebContent entitlements */, 9853 9858 ); 9854 9859 buildRules = ( … … 9941 9946 buildConfigurationList = BC3DE47615A91764008D26FC /* Build configuration list for PBXNativeTarget "WebContent" */; 9942 9947 buildPhases = ( 9948 7A35F25020BDB7CC003958EC /* Remove stale entitlement file */, 9943 9949 BC3DE46215A91763008D26FC /* Sources */, 9944 9950 BCDC308D15FDB99A006B6695 /* Frameworks */, 9945 9951 BC3DE46415A91763008D26FC /* Resources */, 9952 7A35F24E20BDAE40003958EC /* Unlock keychain */, 9953 7AFCBD5420B8911D00F55C9C /* Process WebContent 
entitlements */, 9946 9954 ); 9947 9955 buildRules = ( … … 10055 10063 buildActionMask = 2147483647; 10056 10064 files = ( 10065 7ACFAADA20B88D5000C53203 /* process-webcontent-entitlements.sh in Resources */, 10057 10066 372EBB412017E64300085064 /* WebContentProcess.xib in Resources */, 10058 10067 ); … … 10084 10093 buildActionMask = 2147483647; 10085 10094 files = ( 10095 7ACFAAD920B88D5000C53203 /* process-webcontent-entitlements.sh in Resources */, 10086 10096 E1D26A53175964D90095BFD1 /* WebContentProcess.xib in Resources */, 10087 10097 ); … … 10324 10334 shellPath = /bin/sh; 10325 10335 shellScript = "if [ \"${ACTION}\" = \"installhdrs\" ] || [ \"${ACTION}\" = \"installapi\" ]; then\n exit 0;\nfi\n\nif [ -f ../../Tools/Scripts/check-for-inappropriate-files-in-framework ]; then\n ../../Tools/Scripts/check-for-inappropriate-files-in-framework || exit $?\nfi\n"; 10336 }; 10337 7A35F24E20BDAE40003958EC /* Unlock keychain */ = { 10338 isa = PBXShellScriptBuildPhase; 10339 buildActionMask = 2147483647; 10340 files = ( 10341 ); 10342 inputFileListPaths = ( 10343 ); 10344 inputPaths = ( 10345 ); 10346 name = "Unlock keychain"; 10347 outputFileListPaths = ( 10348 ); 10349 outputPaths = ( 10350 ); 10351 runOnlyForDeploymentPostprocessing = 0; 10352 shellPath = /bin/sh; 10353 shellScript = "UNLOCK_SCRIPT_PATH=\"${SRCROOT}/../../../Internal/Tools/Scripts/unlock-safari-engineering-keychain-if-needed\"\n\n[[ -x \"${UNLOCK_SCRIPT_PATH}\" ]] && exec \"${UNLOCK_SCRIPT_PATH}\"\n\nexit 0\n"; 10354 }; 10355 7A35F24F20BDAF8B003958EC /* Unlock keychain */ = { 10356 isa = PBXShellScriptBuildPhase; 10357 buildActionMask = 2147483647; 10358 files = ( 10359 ); 10360 inputFileListPaths = ( 10361 ); 10362 inputPaths = ( 10363 ); 10364 name = "Unlock keychain"; 10365 outputFileListPaths = ( 10366 ); 10367 outputPaths = ( 10368 ); 10369 runOnlyForDeploymentPostprocessing = 0; 10370 shellPath = /bin/sh; 10371 shellScript = 
"UNLOCK_SCRIPT_PATH=\"${SRCROOT}/../../../Internal/Tools/Scripts/unlock-safari-engineering-keychain-if-needed\"\n\n[[ -x \"${UNLOCK_SCRIPT_PATH}\" ]] && exec \"${UNLOCK_SCRIPT_PATH}\"\n\nexit 0\n"; 10372 }; 10373 7A35F25020BDB7CC003958EC /* Remove stale entitlement file */ = { 10374 isa = PBXShellScriptBuildPhase; 10375 buildActionMask = 2147483647; 10376 files = ( 10377 ); 10378 inputFileListPaths = ( 10379 ); 10380 inputPaths = ( 10381 ); 10382 name = "Remove stale entitlement file"; 10383 outputFileListPaths = ( 10384 ); 10385 outputPaths = ( 10386 ); 10387 runOnlyForDeploymentPostprocessing = 0; 10388 shellPath = /bin/sh; 10389 shellScript = "# We autogenerate this file, so don't want to retain an old copy during builds.\nrm -f ${TEMP_FILE_DIR}/${FULL_PRODUCT_NAME}.xcent\n"; 10390 }; 10391 7A35F25120BDB80C003958EC /* Remove stale entitlement file */ = { 10392 isa = PBXShellScriptBuildPhase; 10393 buildActionMask = 2147483647; 10394 files = ( 10395 ); 10396 inputFileListPaths = ( 10397 ); 10398 inputPaths = ( 10399 ); 10400 name = "Remove stale entitlement file"; 10401 outputFileListPaths = ( 10402 ); 10403 outputPaths = ( 10404 ); 10405 runOnlyForDeploymentPostprocessing = 0; 10406 shellPath = /bin/sh; 10407 shellScript = "# We autogenerate this file, so don't want to retain an old copy during builds.\nrm -f ${TEMP_FILE_DIR}/${FULL_PRODUCT_NAME}.xcent\n"; 10408 }; 10409 7AFCBD5420B8911D00F55C9C /* Process WebContent entitlements */ = { 10410 isa = PBXShellScriptBuildPhase; 10411 buildActionMask = 2147483647; 10412 files = ( 10413 ); 10414 inputFileListPaths = ( 10415 ); 10416 inputPaths = ( 10417 "$(TEMP_FILE_DIR)/$(FULL_PRODUCT_NAME).xcent", 10418 ); 10419 name = "Process WebContent entitlements"; 10420 outputFileListPaths = ( 10421 ); 10422 outputPaths = ( 10423 ); 10424 runOnlyForDeploymentPostprocessing = 0; 10425 shellPath = /bin/sh; 10426 shellScript = "Scripts/process-webcontent-entitlements.sh\n"; 10427 }; 10428 7AFCBD5520B8917D00F55C9C /* Process 
WebContent entitlements */ = { 10429 isa = PBXShellScriptBuildPhase; 10430 buildActionMask = 2147483647; 10431 files = ( 10432 ); 10433 inputFileListPaths = ( 10434 ); 10435 inputPaths = ( 10436 "$(TEMP_FILE_DIR)/$(FULL_PRODUCT_NAME).xcent", 10437 ); 10438 name = "Process WebContent entitlements"; 10439 outputFileListPaths = ( 10440 ); 10441 outputPaths = ( 10442 ); 10443 runOnlyForDeploymentPostprocessing = 0; 10444 shellPath = /bin/sh; 10445 shellScript = "Scripts/process-webcontent-entitlements.sh\n"; 10326 10446 }; 10327 10447 99CA3862207286DB00BAD578 /* Copy WebDriver Atoms to Framework Private Headers */ = {
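Review bot: Both new "Unlock keychain" phases exec `${SRCROOT}/../../../Internal/Tools/Scripts/unlock-safari-engineering-keychain-if-needed` whenever a file at that path is executable, and the path sits three levels above the source root, outside the checkout. On a public build that runs whatever happens to be there, so I would gate the phase on the restricted-entitlements switch, e.g. `[ \"${WK_USE_RESTRICTED_ENTITLEMENTS}\" = \"YES\" ] || exit 0`, assuming the setting resolves to YES on internal builds as `CODE_SIGN_IDENTITY_YES` implies. The phases declare `shellPath = /bin/sh` but use the bash-only `[[ -x … ]]` test; `[ -x \"${UNLOCK_SCRIPT_PATH}\" ]` is the portable form. In the two "Remove stale entitlement file" phases the expansion is unquoted, so a build directory containing spaces splits the argument; `rm -f \"${TEMP_FILE_DIR}/${FULL_PRODUCT_NAME}.xcent\"` avoids that. The "Process WebContent entitlements" phases list the `.xcent` file as an input but declare no `outputPaths`, although the ChangeLog says the script adds an entitlement dynamically.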