Changeset 253011 in webkit


Ignore:
Timestamp:
Dec 2, 2019 3:00:24 PM (4 years ago)
Author:
pvollan@apple.com
Message:

[iOS] Create sandbox extension for "com.apple.tccd"
https://bugs.webkit.org/show_bug.cgi?id=204367
<rdar://problem/57330176>

Reviewed by Eric Carlson.

When camera or microphone access has been granted by the user, have the UI process create a sandbox extension
for "com.apple.tccd", and send it to the WebContent process. Also make sure the extension is created only once
for each WebContent process. Add telemetry to the tccd rule in the sandbox.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
  • UIProcess/UserMediaPermissionRequestManagerProxy.cpp:

(WebKit::UserMediaPermissionRequestManagerProxy::finishGrantingRequest):

  • UIProcess/UserMediaPermissionRequestManagerProxy.h:
  • WebProcess/WebPage/WebPage.cpp:

(WebKit::WebPage::userMediaAccessWasGranted):

  • WebProcess/WebPage/WebPage.h:
  • WebProcess/WebPage/WebPage.messages.in:
Location:
trunk/Source/WebKit
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit/ChangeLog

    r253009 r253011  
     12019-12-02  Per Arne Vollan  <pvollan@apple.com>
     2
     3        [iOS] Create sandbox extension for "com.apple.tccd"
     4        https://bugs.webkit.org/show_bug.cgi?id=204367
     5        <rdar://problem/57330176>
     6
     7        Reviewed by Eric Carlson.
     8
     9        When camera or microphone access has been granted by the user, have the UI process create a sandbox extension
     10        for "com.apple.tccd", and send it to the WebContent process. Also make sure the extension is created only once
     11        for each WebContent process. Add telemetry to the tccd rule in the sandbox.
     12
     13        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
     14        * UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
     15        (WebKit::UserMediaPermissionRequestManagerProxy::finishGrantingRequest):
     16        * UIProcess/UserMediaPermissionRequestManagerProxy.h:
     17        * WebProcess/WebPage/WebPage.cpp:
     18        (WebKit::WebPage::userMediaAccessWasGranted):
     19        * WebProcess/WebPage/WebPage.h:
     20        * WebProcess/WebPage/WebPage.messages.in:
     21
    1222019-12-02  Louie Livon-Bemel  <llivonbemel@apple.com>
    223
  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

    r252643 r253011  
    629629    (global-name "com.apple.cfprefsd.daemon"))
    630630
    631 (allow mach-lookup
     631(allow mach-lookup (with report) (with telemetry)
    632632    (global-name "com.apple.tccd"))
    633633
     
    965965    (require-all
    966966        (extension "com.apple.webkit.extension.mach")
    967         (global-name "com.apple.iphone.axserver-systemwide")))
     967        (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd")))
    968968
    969969(media-capture-support)
  • trunk/Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.cpp

    r252046 r253011  
    240240
    241241    ++m_hasPendingCapture;
    242     m_page.process().connection()->sendWithAsyncReply(Messages::WebPage::UserMediaAccessWasGranted { request.userMediaID(), request.audioDevice(), request.videoDevice(), request.deviceIdentifierHashSalt() }, [this, weakThis = makeWeakPtr(this)] {
     242
     243    SandboxExtension::Handle handle;
     244#if PLATFORM(COCOA)
     245    if (!m_hasCreatedSandboxExtensionForTCCD) {
     246        SandboxExtension::createHandleForMachLookup("com.apple.tccd", m_page.process().connection()->getAuditToken(), handle);
     247        m_hasCreatedSandboxExtensionForTCCD = true;
     248    }
     249#endif
     250
     251    m_page.process().connection()->sendWithAsyncReply(Messages::WebPage::UserMediaAccessWasGranted { request.userMediaID(), request.audioDevice(), request.videoDevice(), request.deviceIdentifierHashSalt(), handle }, [this, weakThis = makeWeakPtr(this)] {
    243252        if (!weakThis)
    244253            return;
  • trunk/Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.h

    r249712 r253011  
    155155#endif
    156156    bool m_hasFilteredDeviceList { false };
     157#if PLATFORM(COCOA)
     158    bool m_hasCreatedSandboxExtensionForTCCD { false };
     159#endif
    157160    uint64_t m_hasPendingCapture { 0 };
    158161    Optional<bool> m_mockDevicesEnabledOverride;
  • trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp

    r252762 r253011  
    41694169#if ENABLE(MEDIA_STREAM)
    41704170
    4171 void WebPage::userMediaAccessWasGranted(uint64_t userMediaID, WebCore::CaptureDevice&& audioDevice, WebCore::CaptureDevice&& videoDevice, String&& mediaDeviceIdentifierHashSalt, CompletionHandler<void()>&& completionHandler)
    4172 {
     4171void WebPage::userMediaAccessWasGranted(uint64_t userMediaID, WebCore::CaptureDevice&& audioDevice, WebCore::CaptureDevice&& videoDevice, String&& mediaDeviceIdentifierHashSalt, SandboxExtension::Handle&& handle, CompletionHandler<void()>&& completionHandler)
     4172{
     4173    SandboxExtension::consumePermanently(handle);
     4174
    41734175    m_userMediaPermissionRequestManager->userMediaAccessWasGranted(userMediaID, WTFMove(audioDevice), WTFMove(videoDevice), WTFMove(mediaDeviceIdentifierHashSalt), WTFMove(completionHandler));
    41744176}
  • trunk/Source/WebKit/WebProcess/WebPage/WebPage.h

    r252762 r253011  
    15141514
    15151515#if ENABLE(MEDIA_STREAM)
    1516     void userMediaAccessWasGranted(uint64_t userMediaID, WebCore::CaptureDevice&& audioDeviceUID, WebCore::CaptureDevice&& videoDeviceUID, String&& mediaDeviceIdentifierHashSalt, CompletionHandler<void()>&&);
     1516    void userMediaAccessWasGranted(uint64_t userMediaID, WebCore::CaptureDevice&& audioDeviceUID, WebCore::CaptureDevice&& videoDeviceUID, String&& mediaDeviceIdentifierHashSalt, SandboxExtension::Handle&&, CompletionHandler<void()>&&);
    15171517    void userMediaAccessWasDenied(uint64_t userMediaID, uint64_t reason, String&& invalidConstraint);
    15181518
  • trunk/Source/WebKit/WebProcess/WebPage/WebPage.messages.in

    r252459 r253011  
    360360#if ENABLE(MEDIA_STREAM)
    361361    # MediaSteam
    362     UserMediaAccessWasGranted(uint64_t userMediaID, WebCore::CaptureDevice audioDevice, WebCore::CaptureDevice videoDevice, String mediaDeviceIdentifierHashSalt) -> () Async
     362    UserMediaAccessWasGranted(uint64_t userMediaID, WebCore::CaptureDevice audioDevice, WebCore::CaptureDevice videoDevice, String mediaDeviceIdentifierHashSalt, WebKit::SandboxExtension::Handle sandboxExtensionHandle) -> () Async
    363363    UserMediaAccessWasDenied(uint64_t userMediaID, uint64_t reason, String invalidConstraint)
    364364    CaptureDevicesChanged()
Note: See TracChangeset for help on using the changeset viewer.