Changeset 254392 in webkit

Timestamp:

Jan 10, 2020 9:32:23 PM (4 years ago)

Author:

eric.carlson@apple.com

Message:

[Media in GPU process] Extend the GPU process sandbox to allow access to local files when necessary
​https://bugs.webkit.org/show_bug.cgi?id=205967
<rdar://problem/58425020>

Reviewed by youenn fablet.

Source/WebKit:

No new tests, un-skipped existing tests that pass because of this change.

The GPU process sandbox does not allow access to local files so extend it before
attempting to open a ​file:// url, and revoke the extension when the file is closed.

• GPUProcess/media/RemoteMediaPlayerManagerProxy.cpp:

(WebKit::RemoteMediaPlayerManagerProxy::load):

• GPUProcess/media/RemoteMediaPlayerManagerProxy.h:
• GPUProcess/media/RemoteMediaPlayerManagerProxy.messages.in:
• GPUProcess/media/RemoteMediaPlayerProxy.cpp:

(WebKit::RemoteMediaPlayerProxy::invalidate):
(WebKit::RemoteMediaPlayerProxy::load):

• GPUProcess/media/RemoteMediaPlayerProxy.h:
• UIProcess/GPU/GPUProcessProxy.cpp:

(WebKit::GPUProcessProxy::openGPUProcessConnection):

• UIProcess/GPU/GPUProcessProxy.h:
• UIProcess/WebProcessProxy.cpp:
• UIProcess/WebProcessProxy.h:
• WebKit.xcodeproj/project.pbxproj:
• WebProcess/GPU/GPUProcessConnection.h:

(WebKit::GPUProcessConnection::setAuditToken):
(WebKit::GPUProcessConnection::auditToken const):

• WebProcess/GPU/GPUProcessConnectionInfo.h:

(WebKit::GPUProcessConnectionInfo::encode const):
(WebKit::GPUProcessConnectionInfo::decode):

• WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:

(WebKit::MediaPlayerPrivateRemote::prepareForPlayback):
(WebKit::MediaPlayerPrivateRemote::MediaPlayerPrivateRemote::load):
(WebKit::MediaPlayerPrivateRemote::cancelLoad):
(WebKit::MediaPlayerPrivateRemote::prepareToPlay):
(WebKit::MediaPlayerPrivateRemote::play):
(WebKit::MediaPlayerPrivateRemote::pause):
(WebKit::MediaPlayerPrivateRemote::setPreservesPitch):
(WebKit::MediaPlayerPrivateRemote::setVolumeDouble):
(WebKit::MediaPlayerPrivateRemote::setMuted):
(WebKit::MediaPlayerPrivateRemote::setPreload):
(WebKit::MediaPlayerPrivateRemote::setPrivateBrowsingMode):
(WebKit::MediaPlayerPrivateRemote::seek):
(WebKit::MediaPlayerPrivateRemote::seekWithTolerance):
(WebKit::MediaPlayerPrivateRemote::prepareForRendering):
(WebKit::MediaPlayerPrivateRemote::setSize):
(WebKit::MediaPlayerPrivateRemote::setVisible):
(WebKit::MediaPlayerPrivateRemote::setShouldMaintainAspectRatio):
(WebKit::MediaPlayerPrivateRemote::setVideoFullscreenFrame):
(WebKit::MediaPlayerPrivateRemote::setVideoFullscreenGravity):
(WebKit::MediaPlayerPrivateRemote::acceleratedRenderingStateChanged):
(WebKit::MediaPlayerPrivateRemote::setShouldDisableSleep):
(WebKit::MediaPlayerPrivateRemote::requestResource):

• WebProcess/GPU/media/MediaPlayerPrivateRemote.h:
• WebProcess/GPU/media/RemoteMediaPlayerMIMETypeCache.cpp:

(WebKit::RemoteMediaPlayerMIMETypeCache::canDecodeExtendedType):
(WebKit::RemoteMediaPlayerMIMETypeCache::supportsTypeAndCodecs):
(WebKit::RemoteMediaPlayerMIMETypeCache::initializeCache):

• WebProcess/GPU/media/RemoteMediaPlayerManager.cpp:

(WebKit::RemoteMediaPlayerManager::createRemoteMediaPlayer):
(WebKit::RemoteMediaPlayerManager::deleteRemoteMediaPlayer):
(WebKit::RemoteMediaPlayerManager::getSupportedTypes):
(WebKit::RemoteMediaPlayerManager::originsInMediaCache):
(WebKit::RemoteMediaPlayerManager::clearMediaCache):
(WebKit::RemoteMediaPlayerManager::clearMediaCacheForOrigins):
(WebKit::RemoteMediaPlayerManager::gpuProcessConnection const):

• WebProcess/GPU/media/RemoteMediaPlayerManager.h:

(WebKit::RemoteMediaPlayerManager::parentProcess const):

• WebProcess/WebProcess.cpp:

(WebKit::WebProcess::ensureGPUProcessConnection):

LayoutTests:

• gpu-process/TestExpectations:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/gpu-process/TestExpectations (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/GPUProcess/GPUProcess.cpp (modified) (1 diff)
• Source/WebKit/GPUProcess/GPUProcess.messages.in (modified) (1 diff)
• Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.cpp (modified) (1 diff)
• Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.h (modified) (2 diffs)
• Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.messages.in (modified) (1 diff)
• Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.cpp (modified) (2 diffs)
• Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.h (modified) (3 diffs)
• Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp (modified) (4 diffs)
• Source/WebKit/UIProcess/GPU/GPUProcessProxy.h (modified) (3 diffs)
• Source/WebKit/UIProcess/WebProcessProxy.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/WebProcessProxy.h (modified) (1 diff)
• Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp (modified) (1 diff)
• Source/WebKit/WebProcess/GPU/GPUProcessConnection.h (modified) (2 diffs)
• Source/WebKit/WebProcess/GPU/GPUProcessConnectionInfo.h (modified) (3 diffs)
• Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp (modified) (10 diffs)
• Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.h (modified) (1 diff)
• Source/WebKit/WebProcess/GPU/media/RemoteMediaPlayerMIMETypeCache.cpp (modified) (3 diffs)
• Source/WebKit/WebProcess/GPU/media/RemoteMediaPlayerManager.cpp (modified) (8 diffs)
• Source/WebKit/WebProcess/GPU/media/RemoteMediaPlayerManager.h (modified) (4 diffs)
• Source/WebKit/WebProcess/WebProcess.cpp (modified) (2 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2020-01-10  Eric Carlson  <eric.carlson@apple.com>
+
+        [Media in GPU process] Extend the GPU process sandbox to allow access to local files when necessary
+        https://bugs.webkit.org/show_bug.cgi?id=205967
+        <rdar://problem/58425020>
+
+        Reviewed by youenn fablet.
+
+        * gpu-process/TestExpectations:
+
 2020-01-10  Myles C. Maxfield  <mmaxfield@apple.com>
 

trunk/LayoutTests/gpu-process/TestExpectations

@@ -180 +180 @@
 
 media [ Skip ]
-media/audio-play-with-video-element.html [ Pass ]
-media/audio-play.html [ Pass ]
-media/media-can-play-mpeg-audio.html [ Pass ]
-media/media-can-play-wav-audio.html [ Pass ]
 media/media-controller.html [ Pass ]
 media/media-preload-no-delay-loadevent.html [ Pass ]
 media/video-src.html [ Pass ]
 media/video-source.html [ Pass ]
+media/audio-as-video-fullscreen.html [ Pass ]
+media/audio-background-playback-playlist.html [ Pass ]
+media/audio-concurrent-supported.html [ Pass ]
+media/audio-constructor-preload.html [ Pass ]
+media/audio-constructor-src.html [ Pass ]
+media/audio-constructor.html [ Pass ]
+media/audio-controls-do-not-fade-out.html [ Pass ]
+media/audio-controls-timeline-in-media-document.html [ Pass ]
+media/audio-dealloc-crash.html [ Pass ]
+media/audio-delete-while-slider-thumb-clicked.html [ Pass ]
+media/audio-garbage-collect.html [ Pass ]
+media/audio-mpeg-supported.html [ Pass ]
+media/audio-mpeg4-supported.html [ Pass ]
+media/audio-no-installed-engines.html [ Pass ]
+media/audio-only-video-intrinsic-size.html [ Pass ]
+media/audio-play-event.html [ Pass ]
+media/audio-play-with-video-element.html [ Pass ]
+media/audio-play.html [ Pass ]
+media/audio-playback-restriction-autoplay.html [ Pass ]
+media/audio-playback-restriction-play-muted.html [ Pass ]
+media/audio-playback-restriction-play.html [ Pass ]
+media/audio-playback-restriction-removed-muted.html [ Pass ]
+media/audio-playback-volume-changes-with-restrictions-and-user-gestures.html [ Pass ]
+media/audio-playback-volume-changes-with-restrictions.html [ Pass ]
+media/deactivate-audio-session.html [ Pass ]
+media/media-can-play-mpeg-audio.html [ Pass ]
+media/media-can-play-wav-audio.html [ Pass ]
+media/media-document-audio-controls-visible.html [ Pass ]
+media/media-document-audio-repaint.html [ Pass ]
+media/media-document-audio-size.html [ Pass ]
+media/muted-video-is-playing-audio.html [ Pass ]
+media/restricted-audio-playback-with-document-gesture.html [ Pass ]
+media/restricted-audio-playback-with-multiple-settimeouts.html [ Pass ]
+media/video-controls-visible-audio-only.html [ Pass ]
+media/video-play-audio-require-user-gesture.html [ Pass ]
+
 accessibility/media-element.html [ Skip ]
 fast/block/float/list-marker-is-float-crash.html [ Skip ]

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-01-10  Eric Carlson  <eric.carlson@apple.com>
+
+        [Media in GPU process] Extend the GPU process sandbox to allow access to local files when necessary
+        https://bugs.webkit.org/show_bug.cgi?id=205967
+        <rdar://problem/58425020>
+
+        Reviewed by youenn fablet.
+
+        No new tests, un-skipped existing tests that pass because of this change.
+        
+        The GPU process sandbox does not allow access to local files so extend it before 
+        attempting to open a file:// url, and revoke the extension when the file is closed.
+
+        * GPUProcess/media/RemoteMediaPlayerManagerProxy.cpp:
+        (WebKit::RemoteMediaPlayerManagerProxy::load):
+        * GPUProcess/media/RemoteMediaPlayerManagerProxy.h:
+        * GPUProcess/media/RemoteMediaPlayerManagerProxy.messages.in:
+        * GPUProcess/media/RemoteMediaPlayerProxy.cpp:
+        (WebKit::RemoteMediaPlayerProxy::invalidate):
+        (WebKit::RemoteMediaPlayerProxy::load):
+        * GPUProcess/media/RemoteMediaPlayerProxy.h:
+        * UIProcess/GPU/GPUProcessProxy.cpp:
+        (WebKit::GPUProcessProxy::openGPUProcessConnection):
+        * UIProcess/GPU/GPUProcessProxy.h:
+        * UIProcess/WebProcessProxy.cpp:
+        * UIProcess/WebProcessProxy.h:
+        * WebKit.xcodeproj/project.pbxproj:
+        * WebProcess/GPU/GPUProcessConnection.h:
+        (WebKit::GPUProcessConnection::setAuditToken):
+        (WebKit::GPUProcessConnection::auditToken const):
+        * WebProcess/GPU/GPUProcessConnectionInfo.h:
+        (WebKit::GPUProcessConnectionInfo::encode const):
+        (WebKit::GPUProcessConnectionInfo::decode):
+        * WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp:
+        (WebKit::MediaPlayerPrivateRemote::prepareForPlayback):
+        (WebKit::MediaPlayerPrivateRemote::MediaPlayerPrivateRemote::load):
+        (WebKit::MediaPlayerPrivateRemote::cancelLoad):
+        (WebKit::MediaPlayerPrivateRemote::prepareToPlay):
+        (WebKit::MediaPlayerPrivateRemote::play):
+        (WebKit::MediaPlayerPrivateRemote::pause):
+        (WebKit::MediaPlayerPrivateRemote::setPreservesPitch):
+        (WebKit::MediaPlayerPrivateRemote::setVolumeDouble):
+        (WebKit::MediaPlayerPrivateRemote::setMuted):
+        (WebKit::MediaPlayerPrivateRemote::setPreload):
+        (WebKit::MediaPlayerPrivateRemote::setPrivateBrowsingMode):
+        (WebKit::MediaPlayerPrivateRemote::seek):
+        (WebKit::MediaPlayerPrivateRemote::seekWithTolerance):
+        (WebKit::MediaPlayerPrivateRemote::prepareForRendering):
+        (WebKit::MediaPlayerPrivateRemote::setSize):
+        (WebKit::MediaPlayerPrivateRemote::setVisible):
+        (WebKit::MediaPlayerPrivateRemote::setShouldMaintainAspectRatio):
+        (WebKit::MediaPlayerPrivateRemote::setVideoFullscreenFrame):
+        (WebKit::MediaPlayerPrivateRemote::setVideoFullscreenGravity):
+        (WebKit::MediaPlayerPrivateRemote::acceleratedRenderingStateChanged):
+        (WebKit::MediaPlayerPrivateRemote::setShouldDisableSleep):
+        (WebKit::MediaPlayerPrivateRemote::requestResource):
+        * WebProcess/GPU/media/MediaPlayerPrivateRemote.h:
+        * WebProcess/GPU/media/RemoteMediaPlayerMIMETypeCache.cpp:
+        (WebKit::RemoteMediaPlayerMIMETypeCache::canDecodeExtendedType):
+        (WebKit::RemoteMediaPlayerMIMETypeCache::supportsTypeAndCodecs):
+        (WebKit::RemoteMediaPlayerMIMETypeCache::initializeCache):
+        * WebProcess/GPU/media/RemoteMediaPlayerManager.cpp:
+        (WebKit::RemoteMediaPlayerManager::createRemoteMediaPlayer):
+        (WebKit::RemoteMediaPlayerManager::deleteRemoteMediaPlayer):
+        (WebKit::RemoteMediaPlayerManager::getSupportedTypes):
+        (WebKit::RemoteMediaPlayerManager::originsInMediaCache):
+        (WebKit::RemoteMediaPlayerManager::clearMediaCache):
+        (WebKit::RemoteMediaPlayerManager::clearMediaCacheForOrigins):
+        (WebKit::RemoteMediaPlayerManager::gpuProcessConnection const):
+        * WebProcess/GPU/media/RemoteMediaPlayerManager.h:
+        (WebKit::RemoteMediaPlayerManager::parentProcess const):
+        * WebProcess/WebProcess.cpp:
+        (WebKit::WebProcess::ensureGPUProcessConnection):
+
 2020-01-10  Jer Noble  <jer.noble@apple.com>
 

trunk/Source/WebKit/GPUProcess/GPUProcess.cpp

@@ -36 +36 @@
 #include "GPUProcessCreationParameters.h"
 #include "Logging.h"
+#include "SandboxExtension.h"
 #include "WebPageProxyMessages.h"
 #include "WebProcessPoolMessages.h"

trunk/Source/WebKit/GPUProcess/GPUProcess.messages.in

@@ -1 @@
-# Copyright (C) 2019 Apple Inc. All rights reserved.
+# Copyright (C) 2019-2020 Apple Inc. All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without

trunk/Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.cpp

@@ -204 +204 @@
 }
 
-void RemoteMediaPlayerManagerProxy::load(MediaPlayerPrivateRemoteIdentifier id, URL&& url, WebCore::ContentType&& contentType, String&& keySystem, CompletionHandler<void(RemoteMediaPlayerConfiguration&&)>&& completionHandler)
-{
-    if (auto player = m_proxies.get(id))
-        player->load(WTFMove(url), WTFMove(contentType), WTFMove(keySystem), WTFMove(completionHandler));
+void RemoteMediaPlayerManagerProxy::load(MediaPlayerPrivateRemoteIdentifier id, URL&& url, Optional<SandboxExtension::Handle>&& sandboxExtension, WebCore::ContentType&& contentType, String&& keySystem, CompletionHandler<void(RemoteMediaPlayerConfiguration&&)>&& completionHandler)
+{
+    if (auto player = m_proxies.get(id))
+        player->load(WTFMove(url), WTFMove(sandboxExtension), WTFMove(contentType), WTFMove(keySystem), WTFMove(completionHandler));
 }
 

trunk/Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.h

@@ -31 +31 @@
 #include "MediaPlayerPrivateRemoteIdentifier.h"
 #include "MessageReceiver.h"
+#include "SandboxExtension.h"
 #include <WebCore/MediaPlayer.h>
 #include <wtf/LoggerHelper.h>
@@ -83 +84 @@
     void supportsKeySystem(WebCore::MediaPlayerEnums::MediaEngineIdentifier, const String&&, const String&&, CompletionHandler<void(bool)>&&);
 
-    void load(MediaPlayerPrivateRemoteIdentifier, URL&&, WebCore::ContentType&&, String&&, CompletionHandler<void(RemoteMediaPlayerConfiguration&&)>&&);
+    void load(MediaPlayerPrivateRemoteIdentifier, URL&&, Optional<SandboxExtension::Handle>&&, WebCore::ContentType&&, String&&, CompletionHandler<void(RemoteMediaPlayerConfiguration&&)>&&);
     void prepareForPlayback(MediaPlayerPrivateRemoteIdentifier, bool privateMode, WebCore::MediaPlayerEnums::Preload, bool preservesPitch, bool prepareForRendering);
     void cancelLoad(MediaPlayerPrivateRemoteIdentifier);

trunk/Source/WebKit/GPUProcess/media/RemoteMediaPlayerManagerProxy.messages.in

@@ -38 +38 @@
     PrepareForPlayback(WebKit::MediaPlayerPrivateRemoteIdentifier id, bool privateMode, enum:uint8_t WebCore::MediaPlayerEnums::Preload preload, bool preservesPitch, bool prepareForRendering)
 
-    Load(WebKit::MediaPlayerPrivateRemoteIdentifier id, URL url, WebCore::ContentType contentType, String keySystem) -> (struct WebKit::RemoteMediaPlayerConfiguration playerConfiguration) Async
+    Load(WebKit::MediaPlayerPrivateRemoteIdentifier id, URL url, Optional<WebKit::SandboxExtension::Handle> sandboxExtension, WebCore::ContentType contentType, String keySystem) -> (struct WebKit::RemoteMediaPlayerConfiguration playerConfiguration) Async
     CancelLoad(WebKit::MediaPlayerPrivateRemoteIdentifier id)
 

trunk/Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.cpp

@@ -70 +70 @@
     m_updateCachedStateMessageTimer.stop();
     m_player->invalidate();
+    if (m_sandboxExtension) {
+        m_sandboxExtension->revoke();
+        m_sandboxExtension = nullptr;
+    }
 }
 
@@ -83 +87 @@
 }
 
-void RemoteMediaPlayerProxy::load(const URL& url, const ContentType& contentType, const String& keySystem, CompletionHandler<void(RemoteMediaPlayerConfiguration&&)>&& completionHandler)
-{
+void RemoteMediaPlayerProxy::load(const URL& url, Optional<SandboxExtension::Handle>&& sandboxExtensionHandle, const ContentType& contentType, const String& keySystem, CompletionHandler<void(RemoteMediaPlayerConfiguration&&)>&& completionHandler)
+{
+    RemoteMediaPlayerConfiguration configuration;
+
+    if (sandboxExtensionHandle) {
+        m_sandboxExtension = SandboxExtension::create(WTFMove(sandboxExtensionHandle.value()));
+        if (m_sandboxExtension)
+            m_sandboxExtension->consume();
+        else
+            WTFLogAlways("Unable to create sandbox extension for media url.\n");
+    }
+
     m_player->load(url, contentType, keySystem);
-
-    RemoteMediaPlayerConfiguration configuration;
     getConfiguration(configuration);
     completionHandler(WTFMove(configuration));

trunk/Source/WebKit/GPUProcess/media/RemoteMediaPlayerProxy.h

@@ -34 +34 @@
 #include "RemoteMediaPlayerState.h"
 #include "RemoteMediaResourceIdentifier.h"
+#include "SandboxExtension.h"
 #include <WebCore/Cookie.h>
 #include <WebCore/MediaPlayer.h>
@@ -61 +62 @@
     void prepareForPlayback(bool privateMode, WebCore::MediaPlayerEnums::Preload, bool preservesPitch, bool prepareForRendering);
 
-    void load(const URL&, const WebCore::ContentType&, const String&, CompletionHandler<void(RemoteMediaPlayerConfiguration&&)>&&);
+    void load(const URL&, Optional<SandboxExtension::Handle>&&, const WebCore::ContentType&, const String&, CompletionHandler<void(RemoteMediaPlayerConfiguration&&)>&&);
     void cancelLoad();
 
@@ -187 +188 @@
 
     MediaPlayerPrivateRemoteIdentifier m_id;
+    RefPtr<SandboxExtension> m_sandboxExtension;
     Ref<IPC::Connection> m_webProcessConnection;
     RefPtr<WebCore::MediaPlayer> m_player;

trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -48 +48 @@
 #endif
 
-#define MESSAGE_CHECK(assertion) MESSAGE_CHECK_BASE(assertion, connection())
+#define MESSAGE_CHECK(assertion) MESSAGE_CHECK_BASE(assertion, this->connection())
 
 namespace WebKit {
@@ -126 +126 @@
 void GPUProcessProxy::openGPUProcessConnection(ConnectionRequestIdentifier connectionRequestIdentifier, WebProcessProxy& webProcessProxy)
 {
-    connection()->sendWithAsyncReply(Messages::GPUProcess::CreateGPUConnectionToWebProcess { webProcessProxy.coreProcessIdentifier(), webProcessProxy.sessionID() }, [this, weakThis = makeWeakPtr(this), webProcessProxy = makeWeakPtr(webProcessProxy), connectionRequestIdentifier](auto&& connectionIdentifier) mutable {
+    auto& connection = *this->connection();
+
+    connection.sendWithAsyncReply(Messages::GPUProcess::CreateGPUConnectionToWebProcess { webProcessProxy.coreProcessIdentifier(), webProcessProxy.sessionID() }, [this, weakThis = makeWeakPtr(this), webProcessProxy = makeWeakPtr(webProcessProxy), connectionRequestIdentifier](auto&& connectionIdentifier) mutable {
         if (!weakThis)
             return;
@@ -143 +145 @@
 #elif OS(DARWIN)
         MESSAGE_CHECK(MACH_PORT_VALID(connectionIdentifier->port()));
-        request.reply(GPUProcessConnectionInfo { IPC::Attachment { connectionIdentifier->port(), MACH_MSG_TYPE_MOVE_SEND } });
+        request.reply(GPUProcessConnectionInfo { IPC::Attachment { connectionIdentifier->port(), MACH_MSG_TYPE_MOVE_SEND }, this->connection()->getAuditToken() });
 #else
         notImplemented();

trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -33 +33 @@
 #include "ProcessThrottler.h"
 #include "ProcessThrottlerClient.h"
-#include "TransactionID.h"
 #include "WebPageProxyIdentifier.h"
 #include "WebProcessProxyMessagesReplies.h"
 #include <memory>
-#include <wtf/Deque.h>
 
 namespace WebKit {
@@ -97 +95 @@
     ProcessThrottler m_throttler;
     ProcessThrottler::ActivityVariant m_activityFromWebProcesses;
-
 #if ENABLE(MEDIA_STREAM)
     bool m_useMockCaptureDevices { false };

trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

trunk/Source/WebKit/UIProcess/WebProcessProxy.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2010-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

trunk/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp

@@ -32 +32 @@
 #include "AuthenticatorManager.h"
 #include "DeviceIdHashSaltStorage.h"
+#include "GPUProcessProxy.h"
 #include "MockAuthenticatorManager.h"
 #include "NetworkProcessMessages.h"

trunk/Source/WebKit/WebProcess/GPU/GPUProcessConnection.h

@@ -48 +48 @@
     IPC::Connection& connection() { return m_connection.get(); }
 
+#if HAVE(AUDIT_TOKEN)
+    void setAuditToken(Optional<audit_token_t> auditToken) { m_auditToken = auditToken; }
+    Optional<audit_token_t> auditToken() const { return m_auditToken; }
+#endif
+
 private:
     GPUProcessConnection(IPC::Connection::Identifier);
@@ -58 +63 @@
     // The connection from the web process to the GPU process.
     Ref<IPC::Connection> m_connection;
+
+#if HAVE(AUDIT_TOKEN)
+    Optional<audit_token_t> m_auditToken;
+#endif
 };
 

trunk/Source/WebKit/WebProcess/GPU/GPUProcessConnectionInfo.h

@@ -32 +32 @@
 struct GPUProcessConnectionInfo {
     IPC::Attachment connection;
+#if HAVE(AUDIT_TOKEN)
+    Optional<audit_token_t> auditToken;
+#endif
 
     IPC::Connection::Identifier identifier()
@@ -61 +64 @@
     {
         encoder << connection;
+#if HAVE(AUDIT_TOKEN)
+        encoder << auditToken;
+#endif
     }
     
@@ -67 +73 @@
         if (!decoder.decode(info.connection))
             return false;
+#if HAVE(AUDIT_TOKEN)
+        if (!decoder.decode(info.auditToken))
+            return false;
+#endif
         return true;
     }

trunk/Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -31 +31 @@
 #include "Logging.h"
 #include "RemoteMediaPlayerManagerProxyMessages.h"
+#include "SandboxExtension.h"
 #include "WebCoreArgumentCoders.h"
+#include "WebProcess.h"
 #include <WebCore/MediaPlayer.h>
 #include <WebCore/NotImplemented.h>
@@ -85 +87 @@
 void MediaPlayerPrivateRemote::prepareForPlayback(bool privateMode, MediaPlayer::Preload preload, bool preservesPitch, bool prepare)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::PrepareForPlayback(m_id, privateMode, preload, preservesPitch, prepare), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::PrepareForPlayback(m_id, privateMode, preload, preservesPitch, prepare), 0);
 }
 
 void MediaPlayerPrivateRemote::MediaPlayerPrivateRemote::load(const URL& url, const ContentType& contentType, const String& keySystem)
 {
-    m_manager.gpuProcessConnection().sendWithAsyncReply(Messages::RemoteMediaPlayerManagerProxy::Load(m_id, url, contentType, keySystem), [weakThis = makeWeakPtr(*this)](auto&& configuration) {
+    auto& connection = m_manager.gpuProcessConnection().connection();
+    Optional<SandboxExtension::Handle> sandboxExtensionHandle;
+    if (url.isLocalFile()) {
+        SandboxExtension::Handle handle;
+        auto fileSystemPath = url.fileSystemPath();
+        bool createdExtension = false;
+
+#if HAVE(SANDBOX_ISSUE_READ_EXTENSION_TO_PROCESS_BY_AUDIT_TOKEN)
+        auto auditToken = m_manager.gpuProcessConnection().auditToken();
+        ASSERT(auditToken);
+        if (auditToken)
+            createdExtension = SandboxExtension::createHandleForReadByAuditToken(fileSystemPath, auditToken.value(), handle);
+        else
+#endif
+        createdExtension = SandboxExtension::createHandle(fileSystemPath, SandboxExtension::Type::ReadOnly, handle);
+
+        if (!createdExtension) {
+            WTFLogAlways("Unable to create sandbox extension handle for GPUProcess url.\n");
+            m_cachedState.networkState = MediaPlayer::NetworkState::FormatError;
+            m_player->networkStateChanged();
+            return;
+        }
+
+        sandboxExtensionHandle = WTFMove(handle);
+    }
+
+    connection.sendWithAsyncReply(Messages::RemoteMediaPlayerManagerProxy::Load(m_id, url, sandboxExtensionHandle, contentType, keySystem), [weakThis = makeWeakPtr(*this)](auto&& configuration) {
         if (weakThis)
             weakThis->m_configuration = configuration;
@@ -98 +126 @@
 void MediaPlayerPrivateRemote::cancelLoad()
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::CancelLoad(m_id), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::CancelLoad(m_id), 0);
 }
 
 void MediaPlayerPrivateRemote::prepareToPlay()
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::PrepareToPlay(m_id), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::PrepareToPlay(m_id), 0);
 }
 
@@ -109 +137 @@
 {
     m_cachedState.paused = false;
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::Play(m_id), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::Play(m_id), 0);
 }
 
@@ -115 +143 @@
 {
     m_cachedState.paused = true;
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::Pause(m_id), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::Pause(m_id), 0);
 }
 
 void MediaPlayerPrivateRemote::setPreservesPitch(bool preservesPitch)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetPreservesPitch(m_id, preservesPitch), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetPreservesPitch(m_id, preservesPitch), 0);
 }
 
 void MediaPlayerPrivateRemote::setVolumeDouble(double volume)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetVolume(m_id, volume), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetVolume(m_id, volume), 0);
 }
 
 void MediaPlayerPrivateRemote::setMuted(bool muted)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetMuted(m_id, muted), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetMuted(m_id, muted), 0);
 }
 
 void MediaPlayerPrivateRemote::setPreload(MediaPlayer::Preload preload)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetPreload(m_id, preload), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetPreload(m_id, preload), 0);
 }
 
 void MediaPlayerPrivateRemote::setPrivateBrowsingMode(bool privateMode)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetPrivateBrowsingMode(m_id, privateMode), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetPrivateBrowsingMode(m_id, privateMode), 0);
 }
 
@@ -151 +179 @@
 {
     m_seeking = true;
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::Seek(m_id, time), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::Seek(m_id, time), 0);
 }
 
@@ -157 +185 @@
 {
     m_seeking = true;
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SeekWithTolerance(m_id, time, negativeTolerance, positiveTolerance), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SeekWithTolerance(m_id, time, negativeTolerance, positiveTolerance), 0);
 }
 
@@ -314 +342 @@
 void MediaPlayerPrivateRemote::prepareForRendering()
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::PrepareForRendering(m_id), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::PrepareForRendering(m_id), 0);
 }
 
 void MediaPlayerPrivateRemote::setSize(const WebCore::IntSize& size)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetSize(m_id, size), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetSize(m_id, size), 0);
 }
 
 void MediaPlayerPrivateRemote::setVisible(bool visible)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetVisible(m_id, visible), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetVisible(m_id, visible), 0);
 }
 
 void MediaPlayerPrivateRemote::setShouldMaintainAspectRatio(bool maintainRatio)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetShouldMaintainAspectRatio(m_id, maintainRatio), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetShouldMaintainAspectRatio(m_id, maintainRatio), 0);
 }
 
 void MediaPlayerPrivateRemote::setVideoFullscreenFrame(WebCore::FloatRect rect)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetVideoFullscreenFrame(m_id, rect), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetVideoFullscreenFrame(m_id, rect), 0);
 }
 
 void MediaPlayerPrivateRemote::setVideoFullscreenGravity(WebCore::MediaPlayerEnums::VideoGravity gravity)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetVideoFullscreenGravity(m_id, gravity), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetVideoFullscreenGravity(m_id, gravity), 0);
 }
 
 void MediaPlayerPrivateRemote::acceleratedRenderingStateChanged()
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::AcceleratedRenderingStateChanged(m_id, m_player->supportsAcceleratedRendering()), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::AcceleratedRenderingStateChanged(m_id, m_player->supportsAcceleratedRendering()), 0);
 }
 
 void MediaPlayerPrivateRemote::setShouldDisableSleep(bool disable)
 {
-    m_manager.gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::SetShouldDisableSleep(m_id, disable), 0);
+    m_manager.gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::SetShouldDisableSleep(m_id, disable), 0);
 }
 
@@ -814 +842 @@
     auto resource = m_mediaResourceLoader->requestResource(WTFMove(request), options);
     // PlatformMediaResource owns the PlatformMediaResourceClient
-    resource->setClient(makeUnique<RemoteMediaResourceProxy>(m_manager.gpuProcessConnection(), *resource, remoteMediaResourceIdentifier));
+    resource->setClient(makeUnique<RemoteMediaResourceProxy>(m_manager.gpuProcessConnection().connection(), *resource, remoteMediaResourceIdentifier));
     m_mediaResources.add(remoteMediaResourceIdentifier, WTFMove(resource));
 }

trunk/Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

trunk/Source/WebKit/WebProcess/GPU/media/RemoteMediaPlayerMIMETypeCache.cpp

@@ -88 +88 @@
 {
     bool result;
-    if (!m_manager.gpuProcessConnection().sendSync(Messages::RemoteMediaPlayerManagerProxy::CanDecodeExtendedType(m_engineIdentifier, type.raw()), Messages::RemoteMediaPlayerManagerProxy::CanDecodeExtendedType::Reply(result), 0))
+    if (!m_manager.gpuProcessConnection().connection().sendSync(Messages::RemoteMediaPlayerManagerProxy::CanDecodeExtendedType(m_engineIdentifier, type.raw()), Messages::RemoteMediaPlayerManagerProxy::CanDecodeExtendedType::Reply(result), 0))
         return false;
 
@@ -109 +109 @@
 
     MediaPlayer::SupportsType result;
-    if (!m_manager.gpuProcessConnection().sendSync(Messages::RemoteMediaPlayerManagerProxy::SupportsTypeAndCodecs(m_engineIdentifier, parameters), Messages::RemoteMediaPlayerManagerProxy::SupportsTypeAndCodecs::Reply(result), 0))
+    if (!m_manager.gpuProcessConnection().connection().sendSync(Messages::RemoteMediaPlayerManagerProxy::SupportsTypeAndCodecs(m_engineIdentifier, parameters), Messages::RemoteMediaPlayerManagerProxy::SupportsTypeAndCodecs::Reply(result), 0))
         return MediaPlayer::SupportsType::IsNotSupported;
 
@@ -126 +126 @@
 
     Vector<String> types;
-    if (!m_manager.gpuProcessConnection().sendSync(Messages::RemoteMediaPlayerManagerProxy::GetSupportedTypes(m_engineIdentifier), Messages::RemoteMediaPlayerManagerProxy::GetSupportedTypes::Reply(types), 0))
+    if (!m_manager.gpuProcessConnection().connection().sendSync(Messages::RemoteMediaPlayerManagerProxy::GetSupportedTypes(m_engineIdentifier), Messages::RemoteMediaPlayerManagerProxy::GetSupportedTypes::Reply(types), 0))
         return;
 

trunk/Source/WebKit/WebProcess/GPU/media/RemoteMediaPlayerManager.cpp

@@ -29 +29 @@
 #if ENABLE(GPU_PROCESS)
 
-#include "GPUProcessConnection.h"
 #include "MediaPlayerPrivateRemote.h"
 #include "RemoteMediaPlayerConfiguration.h"
@@ -165 +164 @@
 
     RemoteMediaPlayerConfiguration playerConfiguration;
-    bool sendSucceeded = gpuProcessConnection().sendSync(Messages::RemoteMediaPlayerManagerProxy::CreateMediaPlayer(id, remoteEngineIdentifier, proxyConfiguration), Messages::RemoteMediaPlayerManagerProxy::CreateMediaPlayer::Reply(playerConfiguration), 0);
+    bool sendSucceeded = gpuProcessConnection().connection().sendSync(Messages::RemoteMediaPlayerManagerProxy::CreateMediaPlayer(id, remoteEngineIdentifier, proxyConfiguration), Messages::RemoteMediaPlayerManagerProxy::CreateMediaPlayer::Reply(playerConfiguration), 0);
     if (!sendSucceeded) {
         WTFLogAlways("Failed to create remote media player.");
@@ -179 +178 @@
 {
     m_players.take(id);
-    gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::DeleteMediaPlayer(id), 0);
+    gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::DeleteMediaPlayer(id), 0);
 }
 
@@ -193 +192 @@
 
     Vector<String> types;
-    if (!gpuProcessConnection().sendSync(Messages::RemoteMediaPlayerManagerProxy::GetSupportedTypes(remoteEngineIdentifier), Messages::RemoteMediaPlayerManagerProxy::GetSupportedTypes::Reply(types), 0))
+    if (!gpuProcessConnection().connection().sendSync(Messages::RemoteMediaPlayerManagerProxy::GetSupportedTypes(remoteEngineIdentifier), Messages::RemoteMediaPlayerManagerProxy::GetSupportedTypes::Reply(types), 0))
         return;
 
@@ -215 +214 @@
 {
     Vector<SecurityOriginData> originData;
-    if (!gpuProcessConnection().sendSync(Messages::RemoteMediaPlayerManagerProxy::OriginsInMediaCache(remoteEngineIdentifier, path), Messages::RemoteMediaPlayerManagerProxy::OriginsInMediaCache::Reply(originData), 0))
+    if (!gpuProcessConnection().connection().sendSync(Messages::RemoteMediaPlayerManagerProxy::OriginsInMediaCache(remoteEngineIdentifier, path), Messages::RemoteMediaPlayerManagerProxy::OriginsInMediaCache::Reply(originData), 0))
         return { };
 
@@ -227 +226 @@
 void RemoteMediaPlayerManager::clearMediaCache(MediaPlayerEnums::MediaEngineIdentifier remoteEngineIdentifier, const String& path, WallTime modifiedSince)
 {
-    gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::ClearMediaCache(remoteEngineIdentifier, path, modifiedSince), 0);
+    gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::ClearMediaCache(remoteEngineIdentifier, path, modifiedSince), 0);
 }
 
@@ -236 +235 @@
     });
 
-    gpuProcessConnection().send(Messages::RemoteMediaPlayerManagerProxy::ClearMediaCacheForOrigins(remoteEngineIdentifier, path, originData), 0);
+    gpuProcessConnection().connection().send(Messages::RemoteMediaPlayerManagerProxy::ClearMediaCacheForOrigins(remoteEngineIdentifier, path, originData), 0);
 }
 
@@ -334 +333 @@
 }
 
-IPC::Connection& RemoteMediaPlayerManager::gpuProcessConnection() const
-{
-    return WebProcess::singleton().ensureGPUProcessConnection().connection();
+GPUProcessConnection& RemoteMediaPlayerManager::gpuProcessConnection() const
+{
+    if (!m_gpuProcessConnection)
+        m_gpuProcessConnection = &WebProcess::singleton().ensureGPUProcessConnection();
+
+    return *m_gpuProcessConnection;
 }
 

trunk/Source/WebKit/WebProcess/GPU/media/RemoteMediaPlayerManager.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2019-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -28 +28 @@
 #if ENABLE(GPU_PROCESS)
 
+#include "GPUProcessConnection.h"
 #include "MediaPlayerPrivateRemoteIdentifier.h"
 #include "MessageReceiver.h"
@@ -55 +56 @@
 
     static const char* supplementName();
+    WebProcess& parentProcess() const { return m_process; }
 
     void updatePreferences(const WebCore::Settings&);
 
-    IPC::Connection& gpuProcessConnection() const;
+    GPUProcessConnection& gpuProcessConnection() const;
 
     void didReceiveMessageFromGPUProcess(IPC::Connection& connection, IPC::Decoder& decoder) { didReceiveMessage(connection, decoder); }
@@ -102 +104 @@
     HashMap<MediaPlayerPrivateRemoteIdentifier, WeakPtr<MediaPlayerPrivateRemote>> m_players;
     WebProcess& m_process;
+    mutable GPUProcessConnection* m_gpuProcessConnection { nullptr };
 };
 

trunk/Source/WebKit/WebProcess/WebProcess.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2009-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2009-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -1300 +1300 @@
 
         m_gpuProcessConnection = GPUProcessConnection::create(connectionInfo.releaseIdentifier());
+#if HAVE(AUDIT_TOKEN)
+        ASSERT(connectionInfo.auditToken);
+        m_gpuProcessConnection->setAuditToken(WTFMove(connectionInfo.auditToken));
+#endif
     }