Changeset 247793 in webkit


Ignore:
Timestamp:
Jul 24, 2019 3:56:56 PM (5 years ago)
Author:
Chris Dumez
Message:

Regression(r247400): Unable to log into AIB Mobile Banking App
https://bugs.webkit.org/show_bug.cgi?id=200094
<rdar://problem/52519818>

Reviewed by Brent Fulgham.

In r247400, a change was made to only set the 'app has universal sandbox access' flag
only when issueing the sandbox extension for / actually succeeded (it usually fails
in practice). Previously, AIB Mobile Banking app was relying on this behavior to
trigger a load for file:///login which is outside their container. However, now that
the 'app has universal sandbox access' flag is no longer set, it trips our security
checks and the load gets ignored.

To address the issue, apply only the 'app has universal sandbox access' flag fix with
a linked-on-after check.

  • UIProcess/Cocoa/VersionChecks.h:
  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):

Location:
trunk/Source
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WTF/wtf/spi/darwin/dyldSPI.h

    r246626 r247793  
    5454#endif
    5555
     56#ifndef DYLD_MACOSX_VERSION_10_15
     57#define DYLD_MACOSX_VERSION_10_15 0x000A0F00
     58#endif
     59
    5660#else
    5761
     
    7276#define DYLD_MACOSX_VERSION_10_13 0x000A0D00
    7377#define DYLD_MACOSX_VERSION_10_14 0x000A0E00
     78#define DYLD_MACOSX_VERSION_10_15 0x000A0F00
    7479
    7580#endif
  • trunk/Source/WebKit/ChangeLog

    r247791 r247793  
     12019-07-24  Chris Dumez  <cdumez@apple.com>
     2
     3        Regression(r247400): Unable to log into AIB Mobile Banking App
     4        https://bugs.webkit.org/show_bug.cgi?id=200094
     5        <rdar://problem/52519818>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        In r247400, a change was made to only set the 'app has universal sandbox access' flag
     10        only when issueing the sandbox extension for / actually succeeded (it usually fails
     11        in practice). Previously, AIB Mobile Banking app was relying on this behavior to
     12        trigger a load for file:///login which is outside their container. However, now that
     13        the 'app has universal sandbox access' flag is no longer set, it trips our security
     14        checks and the load gets ignored.
     15
     16        To address the issue, apply only the 'app has universal sandbox access' flag fix with
     17        a linked-on-after check.
     18
     19        * UIProcess/Cocoa/VersionChecks.h:
     20        * UIProcess/WebPageProxy.cpp:
     21        (WebKit::WebPageProxy::maybeInitializeSandboxExtensionHandle):
     22
    1232019-07-24  Tim Horton  <timothy_horton@apple.com>
    224
  • trunk/Source/WebKit/UIProcess/Cocoa/VersionChecks.h

    r246664 r247793  
    4141#endif
    4242
     43#if PLATFORM(IOS_FAMILY)
    4344#ifndef DYLD_IOS_VERSION_FIRST_WITH_EXCEPTIONS_FOR_RELATED_WEBVIEWS_USING_DIFFERENT_DATA_STORES
    4445#define DYLD_IOS_VERSION_FIRST_WITH_EXCEPTIONS_FOR_RELATED_WEBVIEWS_USING_DIFFERENT_DATA_STORES 0
    45 #endif
    46 #ifndef DYLD_MACOS_VERSION_FIRST_WITH_EXCEPTIONS_FOR_RELATED_WEBVIEWS_USING_DIFFERENT_DATA_STORES
    47 #define DYLD_MACOS_VERSION_FIRST_WITH_EXCEPTIONS_FOR_RELATED_WEBVIEWS_USING_DIFFERENT_DATA_STORES 0
    4846#endif
    4947
     
    5149#define DYLD_IOS_VERSION_FIRST_WITH_DEVICE_ORIENTATION_AND_MOTION_PERMISSION_API 0
    5250#endif
     51#endif // PLATFORM(IOS_FAMILY)
     52
     53#if PLATFORM(MAC)
     54#ifndef DYLD_MACOS_VERSION_FIRST_WITH_EXCEPTIONS_FOR_RELATED_WEBVIEWS_USING_DIFFERENT_DATA_STORES
     55#define DYLD_MACOS_VERSION_FIRST_WITH_EXCEPTIONS_FOR_RELATED_WEBVIEWS_USING_DIFFERENT_DATA_STORES 0
     56#endif
     57#endif
     58
     59
    5360
    5461namespace WebKit {
     
    6673    FirstWhereUIScrollViewDoesNotApplyKeyboardInsetsUnconditionally = DYLD_IOS_VERSION_12_0,
    6774    FirstWithMainThreadReleaseAssertionInWebPageProxy = DYLD_IOS_VERSION_12_0,
     75    FirstWithoutUnconditionalUniversalSandboxExtension = DYLD_IOS_VERSION_13_0,
    6876    FirstWithLazyGestureRecognizerInstallation = DYLD_IOS_VERSION_FIRST_WITH_LAZY_GESTURE_RECOGNIZER_INSTALLATION,
    6977    FirstWithProcessSwapOnCrossSiteNavigation = DYLD_IOS_VERSION_FIRST_WITH_PROCESS_SWAP_ON_CROSS_SITE_NAVIGATION,
     
    8189    FirstWithExpiredOnlyReloadBehavior = DYLD_MACOSX_VERSION_10_13,
    8290    FirstWithMainThreadReleaseAssertionInWebPageProxy = DYLD_MACOSX_VERSION_10_14,
     91    FirstWithoutUnconditionalUniversalSandboxExtension = DYLD_MACOSX_VERSION_10_15,
    8392    FirstWithSnapshotAfterScreenUpdates = DYLD_MACOS_VERSION_FIRST_WITH_SNAPSHOT_AFTER_SCREEN_UPDATES,
    8493    FirstWithExceptionsForRelatedWebViewsUsingDifferentDataStores = DYLD_MACOS_VERSION_FIRST_WITH_EXCEPTIONS_FOR_RELATED_WEBVIEWS_USING_DIFFERENT_DATA_STORES,
  • trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

    r247755 r247793  
    196196#include "TouchBarMenuData.h"
    197197#include "TouchBarMenuItemData.h"
     198#include "VersionChecks.h"
    198199#include "VideoFullscreenManagerProxy.h"
    199200#include "VideoFullscreenManagerProxyMessages.h"
     
    10631064        return;
    10641065    }
     1066
     1067#if PLATFORM(COCOA)
     1068    if (!linkedOnOrAfter(SDKVersion::FirstWithoutUnconditionalUniversalSandboxExtension))
     1069        willAcquireUniversalFileReadSandboxExtension(process);
     1070#endif
    10651071
    10661072    // We failed to issue an universal file read access sandbox, fall back to issuing one for the base URL instead.
Note: See TracChangeset for help on using the changeset viewer.