Changeset 256004 in webkit


Ignore:
Timestamp:
Feb 6, 2020 7:27:21 PM (4 years ago)
Author:
Brent Fulgham
Message:

Build entitlements into GPU Process
https://bugs.webkit.org/show_bug.cgi?id=207367
<rdar://problem/59208411>

Reviewed by Geoffrey Garen.

When the new GPU process was added, we did not update the build system to add
necessary entitlements, or to encode the sandbox name for process startup.
This patch corrects these issues.

  • Scripts/process-entitlements.sh:
Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit/ChangeLog

    r256002 r256004  
     12020-02-06  Brent Fulgham  <bfulgham@apple.com>
     2
     3        Build entitlements into GPU Process
     4        https://bugs.webkit.org/show_bug.cgi?id=207367
     5        <rdar://problem/59208411>
     6
     7        Reviewed by Geoffrey Garen.
     8
     9        When the new GPU process was added, we did not update the build system to add
     10        necessary entitlements, or to encode the sandbox name for process startup.
     11        This patch corrects these issues.
     12
     13        * Scripts/process-entitlements.sh:
     14
    1152020-02-06  Yusuke Suzuki  <ysuzuki@apple.com>
    216
  • trunk/Source/WebKit/Scripts/process-entitlements.sh

    r255189 r256004  
    2020
    2121    mac_process_webcontent_or_plugin_entitlements
     22}
     23
     24function mac_process_gpu_entitlements()
     25{
     26    if [[ "${WK_USE_RESTRICTED_ENTITLEMENTS}" == YES ]]
     27    then
     28        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 101400 ))
     29        then
     30            plistbuddy Add :com.apple.tcc.delegated-services array
     31            plistbuddy Add :com.apple.tcc.delegated-services:1 string kTCCServiceMicrophone
     32            plistbuddy Add :com.apple.tcc.delegated-services:0 string kTCCServiceCamera
     33        fi
     34
     35        plistbuddy Add :com.apple.rootless.storage.WebKitGPUSandbox bool YES
     36    fi
    2237}
    2338
     
    7691{
    7792    plistbuddy Add :com.apple.security.cs.allow-jit bool YES
     93}
     94
     95function maccatalyst_process_gpu_entitlements()
     96{
     97    plistbuddy Add :com.apple.security.network.client bool YES
    7898}
    7999
     
    120140}
    121141
     142function ios_family_process_gpu_entitlements()
     143{
     144    plistbuddy Add :com.apple.QuartzCore.secure-mode bool YES
     145    plistbuddy Add :com.apple.QuartzCore.webkit-end-points bool YES
     146    plistbuddy Add :com.apple.mediaremote.set-playback-state bool YES
     147    plistbuddy Add :com.apple.private.allow-explicit-graphics-priority bool YES
     148    plistbuddy Add :com.apple.private.coremedia.extensions.audiorecording.allow bool YES
     149    plistbuddy Add :com.apple.private.coremedia.pidinheritance.allow bool YES
     150    plistbuddy Add :com.apple.private.memorystatus bool YES
     151    plistbuddy Add :com.apple.private.network.socket-delegate bool YES
     152
     153    plistbuddy Add :com.apple.tcc.delegated-services array
     154    plistbuddy Add :com.apple.tcc.delegated-services:0 string kTCCServiceCamera
     155    plistbuddy Add :com.apple.tcc.delegated-services:1 string kTCCServiceMicrophone
     156
     157    plistbuddy Add :seatbelt-profiles array
     158    plistbuddy Add :seatbelt-profiles:0 string com.apple.WebKit.GPU
     159}
     160
    122161function ios_family_process_network_entitlements()
    123162{
     
    157196    elif [[ "${PRODUCT_NAME}" == com.apple.WebKit.Networking ]]; then mac_process_network_entitlements
    158197    elif [[ "${PRODUCT_NAME}" == com.apple.WebKit.Plugin.64 ]]; then mac_process_plugin_entitlements
     198    elif [[ "${PRODUCT_NAME}" == com.apple.WebKit.GPU ]]; then mac_process_gpu_entitlements
    159199    else echo "Unsupported/unknown product: ${PRODUCT_NAME}"
    160200    fi
     
    167207    elif [[ "${PRODUCT_NAME}" == com.apple.WebKit.Networking ]]; then maccatalyst_process_network_entitlements
    168208    elif [[ "${PRODUCT_NAME}" == com.apple.WebKit.Plugin.64 ]]; then maccatalyst_process_plugin_entitlements
     209    elif [[ "${PRODUCT_NAME}" == com.apple.WebKit.GPU ]]; then maccatalyst_process_gpu_entitlements
    169210    else echo "Unsupported/unknown product: ${PRODUCT_NAME}"
    170211    fi
     
    177218    elif [[ "${PRODUCT_NAME}" == com.apple.WebKit.Networking ]]; then ios_family_process_network_entitlements
    178219    elif [[ "${PRODUCT_NAME}" == com.apple.WebKit.Plugin.64 ]]; then ios_family_process_plugin_entitlements
     220    elif [[ "${PRODUCT_NAME}" == com.apple.WebKit.GPU ]]; then ios_family_process_gpu_entitlements
    179221    else echo "Unsupported/unknown product: ${PRODUCT_NAME}"
    180222    fi
Note: See TracChangeset for help on using the changeset viewer.