Changeset 232604 in webkit


Ignore:
Timestamp:
Jun 7, 2018 4:14:04 PM (6 years ago)
Author:
commit-queue@webkit.org
Message:

Don't try to allocate JIT memory if we don't have the JIT entitlement
https://bugs.webkit.org/show_bug.cgi?id=182605
<rdar://problem/38271229>

Patch by Tadeu Zagallo <Tadeu Zagallo> on 2018-06-07
Reviewed by Mark Lam.

Source/JavaScriptCore:

Check that the current process has the correct entitlements before
trying to allocate JIT memory to silence warnings.

  • jit/ExecutableAllocator.cpp:

(JSC::allowJIT): Helper that checks entitlements on iOS and returns true in other platforms
(JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): check allowJIT before trying to allocate

Source/WebKit:

Remove processHasEntitlement, which was moved into WTF and update all call sites.

  • Shared/mac/SandboxUtilities.h:
  • Shared/mac/SandboxUtilities.mm:

(WebKit::processHasEntitlement): Deleted.

  • UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _initializeWithConfiguration:]):

  • UIProcess/ApplicationStateTracker.mm:

(WebKit::applicationType):

  • UIProcess/ios/WKActionSheetAssistant.mm:

(applicationHasAppLinkEntitlements):

Source/WTF:

Move processHasEntitlement from Source/WebKit/Shared/mac/SandboxUtilities.h
into WTF so JavaScriptCore can also use it.

  • WTF.xcodeproj/project.pbxproj:
  • wtf/PlatformMac.cmake:
  • wtf/cocoa/Entitlements.cpp:

(WTF::processHasEntitlement):

  • wtf/cocoa/Entitlements.h:
  • wtf/spi/cocoa/SecuritySPI.h:

Tools:

Add the Security framework to the TestWTF target, since it's required by the new function to check the entitlements.

  • TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
Location:
trunk
Files:
14 edited
2 copied

Legend:

Unmodified
Added
Removed
  • trunk/Source/JavaScriptCore/ChangeLog

    r232602 r232604  
     12018-06-07  Tadeu Zagallo  <tzagallo@apple.com>
     2
     3        Don't try to allocate JIT memory if we don't have the JIT entitlement
     4        https://bugs.webkit.org/show_bug.cgi?id=182605
     5        <rdar://problem/38271229>
     6
     7        Reviewed by Mark Lam.
     8
     9        Check that the current process has the correct entitlements before
     10        trying to allocate JIT memory to silence warnings.
     11
     12        * jit/ExecutableAllocator.cpp:
     13        (JSC::allowJIT): Helper that checks entitlements on iOS and returns true in other platforms
     14        (JSC::FixedVMPoolExecutableAllocator::FixedVMPoolExecutableAllocator): check allowJIT before trying to allocate
     15
    1162018-06-07  Saam Barati  <sbarati@apple.com>
    217
  • trunk/Source/JavaScriptCore/jit/ExecutableAllocator.cpp

    r231175 r232604  
    3939#endif
    4040
     41#if PLATFORM(IOS)
     42#include <wtf/cocoa/Entitlements.h>
     43#endif
     44
    4145#include "LinkBuffer.h"
    4246#include "MacroAssembler.h"
     
    111115#endif
    112116
     117static bool allowJIT()
     118{
     119#if PLATFORM(IOS) && (CPU(ARM64) || CPU(ARM))
     120    return processHasEntitlement("dynamic-codesigning");
     121#else
     122    return true;
     123#endif
     124}
     125
    113126class FixedVMPoolExecutableAllocator : public MetaAllocator {
    114127    WTF_MAKE_FAST_ALLOCATED;
     
    117130        : MetaAllocator(jitAllocationGranule) // round up all allocations to 32 bytes
    118131    {
     132        if (!allowJIT())
     133            return;
     134
    119135        size_t reservationSize;
    120136        if (Options::jitMemoryReservationSize())
  • trunk/Source/WTF/ChangeLog

    r232528 r232604  
     12018-06-07  Tadeu Zagallo  <tzagallo@apple.com>
     2
     3        Don't try to allocate JIT memory if we don't have the JIT entitlement
     4        https://bugs.webkit.org/show_bug.cgi?id=182605
     5        <rdar://problem/38271229>
     6
     7        Reviewed by Mark Lam.
     8
     9        Move processHasEntitlement from Source/WebKit/Shared/mac/SandboxUtilities.h
     10        into WTF so JavaScriptCore can also use it.
     11
     12        * WTF.xcodeproj/project.pbxproj:
     13        * wtf/PlatformMac.cmake:
     14        * wtf/cocoa/Entitlements.cpp:
     15        (WTF::processHasEntitlement):
     16        * wtf/cocoa/Entitlements.h:
     17        * wtf/spi/cocoa/SecuritySPI.h:
     18
    1192018-06-05  Darin Adler  <darin@apple.com>
    220
  • trunk/Source/WTF/WTF.xcodeproj/project.pbxproj

    r232528 r232604  
    4545                0FFF19DC1BB334EB00886D91 /* ParallelHelperPool.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 0FFF19DA1BB334EB00886D91 /* ParallelHelperPool.cpp */; };
    4646                14022F4118F5C3FC007FF0EB /* libbmalloc.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 14022F4018F5C3FC007FF0EB /* libbmalloc.a */; };
     47                143DDE9620C8BC37007F76FA /* Entitlements.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 143DDE9520C8BC37007F76FA /* Entitlements.cpp */; };
    4748                143F611F1565F0F900DB514A /* RAMSize.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 143F611D1565F0F900DB514A /* RAMSize.cpp */; };
    4849                1447AEC618FCE57700B3D7FF /* Foundation.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 1447AEC518FCE57700B3D7FF /* Foundation.framework */; };
     
    269270                132743924FC54E469F5A8E6E /* StdUnorderedSet.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StdUnorderedSet.h; sourceTree = "<group>"; };
    270271                14022F4018F5C3FC007FF0EB /* libbmalloc.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; path = libbmalloc.a; sourceTree = BUILT_PRODUCTS_DIR; };
     272                143DDE9520C8BC37007F76FA /* Entitlements.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = Entitlements.cpp; sourceTree = "<group>"; };
     273                143DDE9720C8BE99007F76FA /* Entitlements.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = Entitlements.h; sourceTree = "<group>"; };
    271274                143F611D1565F0F900DB514A /* RAMSize.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RAMSize.cpp; sourceTree = "<group>"; };
    272275                143F611E1565F0F900DB514A /* RAMSize.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = RAMSize.h; sourceTree = "<group>"; };
     
    13161319                        children = (
    13171320                                E38C41241EB4E04C0042957D /* CPUTimeCocoa.mm */,
     1321                                143DDE9520C8BC37007F76FA /* Entitlements.cpp */,
     1322                                143DDE9720C8BE99007F76FA /* Entitlements.h */,
    13181323                                7A6EBA3320746C34004F9C44 /* MachSendRight.cpp */,
    13191324                                ADF2CE651E39F106006889DB /* MemoryFootprintCocoa.cpp */,
     
    14661471                                A8A473B0151A825B004123FF /* double-conversion.cc in Sources */,
    14671472                                A8A473BA151A825B004123FF /* dtoa.cpp in Sources */,
     1473                                143DDE9620C8BC37007F76FA /* Entitlements.cpp in Sources */,
    14681474                                A8A473B3151A825B004123FF /* fast-dtoa.cc in Sources */,
    14691475                                0F7C5FB61D885CF20044F5E2 /* FastBitVector.cpp in Sources */,
  • trunk/Source/WTF/wtf/PlatformMac.cmake

    r230269 r232604  
    1111    cf/TypeCastsCF.h
    1212
     13    cocoa/Entitlements.h
    1314    cocoa/MachSendRight.h
    1415    cocoa/SoftLinking.h
     
    4445
    4546    cocoa/CPUTimeCocoa.mm
     47    cocoa/Entitlements.cpp
    4648    cocoa/MachSendRight.cpp
    4749    cocoa/MemoryFootprintCocoa.cpp
  • trunk/Source/WTF/wtf/cocoa/Entitlements.cpp

    r232603 r232604  
    11/*
    2  * Copyright (C) 2014 Apple Inc. All rights reserved.
     2 * Copyright (C) 2018 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    2424 */
    2525
    26 #pragma once
     26#include "config.h"
     27#include "Entitlements.h"
    2728
    28 #import <sys/types.h>
    29 #import <wtf/Forward.h>
    30 #import <wtf/spi/darwin/XPCSPI.h>
     29#include <wtf/RetainPtr.h>
     30#include <wtf/spi/cocoa/SecuritySPI.h>
    3131
    32 namespace WebKit {
     32namespace WTF {
    3333
    34 bool connectedProcessIsSandboxed(xpc_connection_t);
    35 bool currentProcessIsSandboxed();
    36 bool processHasContainer();
     34bool processHasEntitlement(const char* entitlement)
     35{
     36    auto task = adoptCF(SecTaskCreateFromSelf(kCFAllocatorDefault));
     37    if (!task)
     38        return false;
    3739
    38 // Returns an empty string if the process is not in a container.
    39 String pathForProcessContainer();
     40    auto cfEntitlement = adoptCF(CFStringCreateWithCStringNoCopy(kCFAllocatorDefault, entitlement, kCFStringEncodingUTF8, kCFAllocatorNull));
     41    auto value = adoptCF(SecTaskCopyValueForEntitlement(task.get(), cfEntitlement.get(), nullptr));
     42    if (!value)
     43        return false;
    4044
    41 bool processHasEntitlement(NSString *entitlement);
    42 bool connectedProcessHasEntitlement(xpc_connection_t, const char *entitlement);
     45    if (CFGetTypeID(value.get()) != CFBooleanGetTypeID())
     46        return false;
    4347
     48    return CFBooleanGetValue(static_cast<CFBooleanRef>(value.get()));
    4449}
     50
     51} // namespace WTF
  • trunk/Source/WTF/wtf/cocoa/Entitlements.h

    r232603 r232604  
    11/*
    2  * Copyright (C) 2014 Apple Inc. All rights reserved.
     2 * Copyright (C) 2018 Apple Inc. All rights reserved.
    33 *
    44 * Redistribution and use in source and binary forms, with or without
     
    2424 */
    2525
    26 #pragma once
     26#if PLATFORM(COCOA)
    2727
    28 #import <sys/types.h>
    29 #import <wtf/Forward.h>
    30 #import <wtf/spi/darwin/XPCSPI.h>
     28namespace WTF {
    3129
    32 namespace WebKit {
     30WTF_EXPORT bool processHasEntitlement(const char* entitlement);
    3331
    34 bool connectedProcessIsSandboxed(xpc_connection_t);
    35 bool currentProcessIsSandboxed();
    36 bool processHasContainer();
     32} // namespace WTF
    3733
    38 // Returns an empty string if the process is not in a container.
    39 String pathForProcessContainer();
    40 
    41 bool processHasEntitlement(NSString *entitlement);
    42 bool connectedProcessHasEntitlement(xpc_connection_t, const char *entitlement);
    43 
    44 }
     34#endif
  • trunk/Source/WTF/wtf/spi/cocoa/SecuritySPI.h

    r229168 r232604  
    3838#else
    3939
     40#include <Security/SecBase.h>
     41
    4042typedef uint32_t SecSignatureHashAlgorithm;
    4143enum {
     
    6062
    6163typedef struct __SecTask *SecTaskRef;
     64typedef struct __SecTrust *SecTrustRef;
    6265
    6366WTF_EXTERN_C_BEGIN
  • trunk/Source/WebKit/ChangeLog

    r232601 r232604  
     12018-06-07  Tadeu Zagallo  <tzagallo@apple.com>
     2
     3        Don't try to allocate JIT memory if we don't have the JIT entitlement
     4        https://bugs.webkit.org/show_bug.cgi?id=182605
     5        <rdar://problem/38271229>
     6
     7        Reviewed by Mark Lam.
     8
     9        Remove processHasEntitlement, which was moved into WTF and update all call sites.
     10
     11        * Shared/mac/SandboxUtilities.h:
     12        * Shared/mac/SandboxUtilities.mm:
     13        (WebKit::processHasEntitlement): Deleted.
     14        * UIProcess/API/Cocoa/WKWebView.mm:
     15        (-[WKWebView _initializeWithConfiguration:]):
     16        * UIProcess/ApplicationStateTracker.mm:
     17        (WebKit::applicationType):
     18        * UIProcess/ios/WKActionSheetAssistant.mm:
     19        (applicationHasAppLinkEntitlements):
     20
    1212018-06-07  Tim Horton  <timothy_horton@apple.com>
    222
  • trunk/Source/WebKit/Shared/mac/SandboxUtilities.h

    r228933 r232604  
    3939String pathForProcessContainer();
    4040
    41 bool processHasEntitlement(NSString *entitlement);
    4241bool connectedProcessHasEntitlement(xpc_connection_t, const char *entitlement);
    4342
  • trunk/Source/WebKit/Shared/mac/SandboxUtilities.mm

    r228933 r232604  
    3030#import <sys/param.h>
    3131#import <wtf/OSObjectPtr.h>
    32 #import <wtf/spi/cocoa/SecuritySPI.h>
     32#import <wtf/cocoa/Entitlements.h>
    3333#import <wtf/spi/darwin/SandboxSPI.h>
    3434#import <wtf/spi/darwin/XPCSPI.h>
     
    7878}
    7979
    80 bool processHasEntitlement(NSString *entitlement)
    81 {
    82     auto task = adoptCF(SecTaskCreateFromSelf(CFAllocatorGetDefault()));
    83     if (!task)
    84         return false;
    85 
    86     auto value = adoptCF(SecTaskCopyValueForEntitlement(task.get(), (__bridge CFStringRef)entitlement, nullptr));
    87     if (!value)
    88         return false;
    89 
    90     if (CFGetTypeID(value.get()) != CFBooleanGetTypeID())
    91         return false;
    92 
    93     return CFBooleanGetValue(static_cast<CFBooleanRef>(value.get()));
    94 }
    95 
    9680bool connectedProcessHasEntitlement(xpc_connection_t connection, const char *entitlement)
    9781{
  • trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm

    r232601 r232604  
    4747#import "RemoteObjectRegistry.h"
    4848#import "RemoteObjectRegistryMessages.h"
    49 #import "SandboxUtilities.h"
    5049#import "UIDelegate.h"
    5150#import "UserMediaProcessManager.h"
     
    152151#import <pal/spi/cg/CoreGraphicsSPI.h>
    153152#import <pal/spi/cocoa/QuartzCoreSPI.h>
     153#import <wtf/cocoa/Entitlements.h>
    154154
    155155#define RELEASE_LOG_IF_ALLOWED(...) RELEASE_LOG_IF(_page && _page->isAlwaysOnLoggingAllowed(), ViewState, __VA_ARGS__)
     
    619619
    620620#if PLATFORM(IOS) && ENABLE(SERVICE_WORKER)
    621     if (!WebKit::processHasEntitlement(@"com.apple.developer.WebKit.ServiceWorkers"))
     621    if (!WTF::processHasEntitlement("com.apple.developer.WebKit.ServiceWorkers"))
    622622        pageConfiguration->preferenceValues().set(WebKit::WebPreferencesKey::serviceWorkersEnabledKey(), WebKit::WebPreferencesStore::Value(false));
    623623#endif
  • trunk/Source/WebKit/UIProcess/ApplicationStateTracker.mm

    r222422 r232604  
    3333#import "UIKitSPI.h"
    3434#import <wtf/ObjcRuntimeExtras.h>
     35#import <wtf/cocoa/Entitlements.h>
    3536#import <wtf/spi/cocoa/SecuritySPI.h>
    3637
     
    5556        return ApplicationType::Extension;
    5657
    57     if (processHasEntitlement(@"com.apple.UIKit.vends-view-services") && window._isHostedInAnotherProcess)
     58    if (WTF::processHasEntitlement("com.apple.UIKit.vends-view-services") && window._isHostedInAnotherProcess)
    5859        return ApplicationType::ViewService;
    5960
  • trunk/Source/WebKit/UIProcess/ios/WKActionSheetAssistant.mm

    r232082 r232604  
    3030
    3131#import "APIUIClient.h"
    32 #import "SandboxUtilities.h"
    3332#import "TCCSPI.h"
    3433#import "UIKitSPI.h"
     
    4645#import <wtf/SoftLinking.h>
    4746#import <wtf/WeakObjCPtr.h>
     47#import <wtf/cocoa/Entitlements.h>
    4848#import <wtf/text/WTFString.h>
    4949
     
    6767static bool applicationHasAppLinkEntitlements()
    6868{
    69     static bool hasEntitlement = processHasEntitlement(@"com.apple.private.canGetAppLinkInfo") && processHasEntitlement(@"com.apple.private.canModifyAppLinkPermissions");
     69    static bool hasEntitlement = WTF::processHasEntitlement("com.apple.private.canGetAppLinkInfo") && WTF::processHasEntitlement("com.apple.private.canModifyAppLinkPermissions");
    7070    return hasEntitlement;
    7171}
  • trunk/Tools/ChangeLog

    r232603 r232604  
     12018-06-07  Tadeu Zagallo  <tzagallo@apple.com>
     2
     3        Don't try to allocate JIT memory if we don't have the JIT entitlement
     4        https://bugs.webkit.org/show_bug.cgi?id=182605
     5        <rdar://problem/38271229>
     6
     7        Reviewed by Mark Lam.
     8
     9        Add the Security framework to the TestWTF target, since it's required by the new function to check the entitlements.
     10
     11        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
     12
    1132018-06-07  Mark Lam  <mark.lam@apple.com>
    214
  • trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj

    r232502 r232604  
    4848                0F5651F91FCE513500310FBC /* scroll-to-anchor.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 0F5651F81FCE50E800310FBC /* scroll-to-anchor.html */; };
    4949                115EB3431EE0BA03003C2C0A /* ViewportSizeForViewportUnits.mm in Sources */ = {isa = PBXBuildFile; fileRef = 115EB3421EE0B720003C2C0A /* ViewportSizeForViewportUnits.mm */; };
     50                143DDE9820C9018B007F76FA /* Security.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 574F55D0204D471C002948C6 /* Security.framework */; };
    5051                1A02C870125D4CFD00E3F4BD /* find.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 1A02C84B125D4A5E00E3F4BD /* find.html */; };
    5152                1A3524AE1D63A4FB0031729B /* Scope.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 1A3524AC1D63A4FB0031729B /* Scope.cpp */; };
     
    20212022                        files = (
    20222023                                93F56DA71E5F9174003EDE84 /* libicucore.dylib in Frameworks */,
     2024                                143DDE9820C9018B007F76FA /* Security.framework in Frameworks */,
    20232025                        );
    20242026                        runOnlyForDeploymentPostprocessing = 0;
Note: See TracChangeset for help on using the changeset viewer.