Diff
Modified: trunk/Source/WebCore/ChangeLog (230467 => 230468)
--- trunk/Source/WebCore/ChangeLog 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebCore/ChangeLog 2018-04-10 03:50:17 UTC (rev 230468)
@@ -1,3 +1,22 @@
+2018-04-09 Brent Fulgham <bfulg...@apple.com>
+
+ Add ProcessPrivilege assertions to places that access NSApp
+ https://bugs.webkit.org/show_bug.cgi?id=184322
+ <rdar://problem/39194560>
+
+ Reviewed by Per Arne Vollan.
+
+ Add ProcessPrivilege assertions to places where we interact with NSApp so
+ that we can prevent accidentally using them in the WebContent process.
+
+ * page/mac/EventHandlerMac.mm:
+ (WebCore::lastEventIsMouseUp):
+ (WebCore::EventHandler::sendFakeEventsAfterWidgetTracking):
+ * platform/mac/EventLoopMac.mm:
+ (WebCore::EventLoop::cycle):
+ * platform/mac/PasteboardMac.mm:
+ (WebCore::Pasteboard::setDragImage):
+
2018-04-09 John Wilander <wilan...@apple.com>
Refactor Ignore HSTS code
Modified: trunk/Source/WebCore/page/mac/EventHandlerMac.mm (230467 => 230468)
--- trunk/Source/WebCore/page/mac/EventHandlerMac.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebCore/page/mac/EventHandlerMac.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -69,6 +69,7 @@
#include <wtf/MainThread.h>
#include <wtf/NeverDestroyed.h>
#include <wtf/ObjcRuntimeExtras.h>
+#include <wtf/ProcessPrivilege.h>
#if ENABLE(MAC_GESTURE_EVENTS)
#import <WebKitAdditions/EventHandlerMacGesture.cpp>
@@ -200,6 +201,7 @@
// It's not clear in what cases this is helpful now -- it's possible it can be removed.
ASSERT([NSApp isRunning]);
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
BEGIN_BLOCK_OBJC_EXCEPTIONS;
NSEvent *currentEventAfterHandlingMouseDown = [NSApp currentEvent];
@@ -570,6 +572,8 @@
if (!view)
return;
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
+
BEGIN_BLOCK_OBJC_EXCEPTIONS;
m_sendingEventToSubview = false;
Modified: trunk/Source/WebCore/platform/mac/EventLoopMac.mm (230467 => 230468)
--- trunk/Source/WebCore/platform/mac/EventLoopMac.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebCore/platform/mac/EventLoopMac.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2008, 2017 Apple Inc. All Rights Reserved.
+ * Copyright (C) 2008-2018 Apple Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -26,6 +26,8 @@
#include "config.h"
#include "EventLoop.h"
+#include <wtf/ProcessPrivilege.h>
+
#if PLATFORM(MAC)
namespace WebCore {
@@ -37,6 +39,7 @@
[[NSRunLoop currentRunLoop] runUntilDate:[NSDate dateWithTimeIntervalSinceNow:0.05]];
return;
}
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
#endif
[NSApp setWindowsNeedUpdate:YES];
if (NSEvent *event = [NSApp nextEventMatchingMask:NSEventMaskAny untilDate:[NSDate dateWithTimeIntervalSinceNow:0.05] inMode:NSDefaultRunLoopMode dequeue:YES])
Modified: trunk/Source/WebCore/platform/mac/PasteboardMac.mm (230467 => 230468)
--- trunk/Source/WebCore/platform/mac/PasteboardMac.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebCore/platform/mac/PasteboardMac.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -42,6 +42,7 @@
#import "WebNSAttributedStringExtras.h"
#import <pal/spi/cg/CoreGraphicsSPI.h>
#import <pal/spi/mac/HIServicesSPI.h>
+#import <wtf/ProcessPrivilege.h>
#import <wtf/RetainPtr.h>
#import <wtf/StdLibExtras.h>
#import <wtf/text/StringBuilder.h>
@@ -675,6 +676,7 @@
// This is only relevant in WK1. Do not execute in the WebContent process, since it is now using
// NSRunLoop, and not the NSApplication run loop.
if ([NSApp isRunning]) {
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
NSEvent* event = [NSEvent mouseEventWithType:NSEventTypeMouseMoved location:NSZeroPoint
modifierFlags:0 timestamp:0 windowNumber:0 context:nil eventNumber:0 clickCount:0 pressure:0];
[NSApp postEvent:event atStart:YES];
Modified: trunk/Source/WebKit/ChangeLog (230467 => 230468)
--- trunk/Source/WebKit/ChangeLog 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/ChangeLog 2018-04-10 03:50:17 UTC (rev 230468)
@@ -1,3 +1,49 @@
+2018-04-09 Brent Fulgham <bfulg...@apple.com>
+
+ Add ProcessPrivilege assertions to places that access NSApp
+ https://bugs.webkit.org/show_bug.cgi?id=184322
+ <rdar://problem/39194560>
+
+ Reviewed by Per Arne Vollan.
+
+ Add ProcessPrivilege assertions to places where we interact with NSApp so
+ that we can prevent accidentally using them in the WebContent process.
+
+ * Shared/mac/ChildProcessMac.mm:
+ (WebKit::ChildProcess::stopNSAppRunLoop):
+ * Shared/mac/HangDetectionDisablerMac.mm:
+ (WebKit::setClientsMayIgnoreEvents):
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::platformInitializeWebProcess):
+ * UIProcess/Cocoa/WebViewImpl.mm:
+ (WebKit::WebViewImpl::WebViewImpl):
+ (WebKit::WebViewImpl::becomeFirstResponder):
+ (WebKit::WebViewImpl::pluginFocusOrWindowFocusChanged):
+ (WebKit::WebViewImpl::validateUserInterfaceItem):
+ (WebKit::WebViewImpl::startSpeaking):
+ (WebKit::WebViewImpl::stopSpeaking):
+ (WebKit::applicationFlagsForDrag):
+ (WebKit::WebViewImpl::doneWithKeyEvent):
+ * UIProcess/Gamepad/mac/UIGamepadProviderMac.mm:
+ (WebKit::UIGamepadProvider::platformWebPageProxyForGamepadInput):
+ * UIProcess/Plugins/mac/PluginProcessProxyMac.mm:
+ (WebKit::PluginProcessProxy::enterFullscreen):
+ (WebKit::PluginProcessProxy::beginModal):
+ (WebKit::PluginProcessProxy::endModal):
+ * UIProcess/mac/DisplayLink.cpp:
+ (WebKit::DisplayLink::DisplayLink):
+ (WebKit::DisplayLink::~DisplayLink):
+ * UIProcess/mac/PageClientImplMac.mm:
+ (WebKit::PageClientImpl::isViewWindowActive):
+ (WebKit::PageClientImpl::setCursor):
+ * UIProcess/mac/WebPageProxyMac.mm:
+ (WebKit::WebPageProxy::getIsSpeaking):
+ (WebKit::WebPageProxy::speak):
+ (WebKit::WebPageProxy::stopSpeaking):
+ (WebKit::WebPageProxy::startDisplayLink):
+ * UIProcess/mac/WebPopupMenuProxyMac.mm:
+ (WebKit::WebPopupMenuProxyMac::showPopupMenu):
+
2018-04-09 John Wilander <wilan...@apple.com>
Refactor Ignore HSTS code
Modified: trunk/Source/WebKit/Shared/mac/ChildProcessMac.mm (230467 => 230468)
--- trunk/Source/WebKit/Shared/mac/ChildProcessMac.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/Shared/mac/ChildProcessMac.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -38,6 +38,7 @@
#import <pwd.h>
#import <stdlib.h>
#import <sysexits.h>
+#import <wtf/ProcessPrivilege.h>
#import <wtf/Scope.h>
#import <wtf/spi/darwin/SandboxSPI.h>
@@ -205,6 +206,7 @@
void ChildProcess::stopNSAppRunLoop()
{
ASSERT([NSApp isRunning]);
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
[NSApp stop:nil];
NSEvent *event = [NSEvent otherEventWithType:NSEventTypeApplicationDefined location:NSMakePoint(0, 0) modifierFlags:0 timestamp:0.0 windowNumber:0 context:nil subtype:0 data1:0 data2:0];
Modified: trunk/Source/WebKit/Shared/mac/HangDetectionDisablerMac.mm (230467 => 230468)
--- trunk/Source/WebKit/Shared/mac/HangDetectionDisablerMac.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/Shared/mac/HangDetectionDisablerMac.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -29,6 +29,7 @@
#if PLATFORM(MAC)
#include <pal/spi/cg/CoreGraphicsSPI.h>
+#include <wtf/ProcessPrivilege.h>
#include <wtf/RetainPtr.h>
namespace WebKit {
@@ -52,6 +53,7 @@
// In this case, there will be no valid WindowServer main connection.
if (!cgsId)
return;
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
#endif
if (CGSSetConnectionProperty(cgsId, cgsId, clientsMayIgnoreEventsKey, clientsMayIgnoreEvents ? kCFBooleanTrue : kCFBooleanFalse) != kCGErrorSuccess)
ASSERT_NOT_REACHED();
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (230467 => 230468)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -182,6 +182,7 @@
#if PLATFORM(MAC)
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
parameters.accessibilityEnhancedUserInterfaceEnabled = [[NSApp accessibilityAttributeValue:@"AXEnhancedUserInterface"] boolValue];
#pragma clang diagnostic pop
#else
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebViewImpl.mm (230467 => 230468)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebViewImpl.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebViewImpl.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2015-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2015-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -102,6 +102,7 @@
#import <pal/spi/mac/NSWindowSPI.h>
#import <sys/stat.h>
#import <wtf/NeverDestroyed.h>
+#import <wtf/ProcessPrivilege.h>
#import <wtf/SetForScope.h>
#import <wtf/SoftLinking.h>
#import <wtf/cf/TypeCastsCF.h>
@@ -1287,6 +1288,7 @@
{
static_cast<PageClientImpl&>(*m_pageClient).setImpl(*this);
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
[NSApp registerServicesMenuSendTypes:PasteboardTypes::forSelection() returnTypes:PasteboardTypes::forEditing()];
[view addTrackingArea:m_primaryTrackingArea.get()];
@@ -1420,6 +1422,7 @@
bool WebViewImpl::becomeFirstResponder()
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
// If we just became first responder again, there is no need to do anything,
// since resignFirstResponder has correctly detected this situation.
if (m_willBecomeFirstResponderAgain) {
@@ -2376,6 +2379,7 @@
void WebViewImpl::pluginFocusOrWindowFocusChanged(bool pluginHasFocusAndWindowHasFocus, uint64_t pluginComplexTextInputIdentifier)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
BOOL inputSourceChanged = m_pluginComplexTextInputIdentifier;
if (pluginHasFocusAndWindowHasFocus) {
@@ -2685,6 +2689,7 @@
bool WebViewImpl::validateUserInterfaceItem(id <NSValidatedUserInterfaceItem> item)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
SEL action = "" action];
if (action == @selector(showGuessPanel:)) {
@@ -2806,6 +2811,7 @@
void WebViewImpl::startSpeaking()
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
m_page->getSelectionOrContentsAsString([](const String& string, WebKit::CallbackBase::Error error) {
if (error != WebKit::CallbackBase::Error::None)
return;
@@ -2818,6 +2824,7 @@
void WebViewImpl::stopSpeaking(id sender)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
[NSApp stopSpeaking:sender];
}
@@ -3630,6 +3637,7 @@
static WebCore::DragApplicationFlags applicationFlagsForDrag(NSView *view, id <NSDraggingInfo> draggingInfo)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
uint32_t flags = 0;
if ([NSApp modalWindow])
flags = WebCore::DragApplicationIsModal;
@@ -4242,6 +4250,7 @@
void WebViewImpl::doneWithKeyEvent(NSEvent *event, bool eventWasHandled)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
if ([event type] != NSEventTypeKeyDown)
return;
Modified: trunk/Source/WebKit/UIProcess/Gamepad/mac/UIGamepadProviderMac.mm (230467 => 230468)
--- trunk/Source/WebKit/UIProcess/Gamepad/mac/UIGamepadProviderMac.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/UIProcess/Gamepad/mac/UIGamepadProviderMac.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2016 Apple Inc. All rights reserved.
+ * Copyright (C) 2016-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -32,11 +32,13 @@
#import "WKAPICast.h"
#import "WKViewInternal.h"
#import "WKWebViewInternal.h"
+#import <wtf/ProcessPrivilege.h>
namespace WebKit {
WebPageProxy* UIGamepadProvider::platformWebPageProxyForGamepadInput()
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
auto responder = [[NSApp keyWindow] firstResponder];
#if WK_API_ENABLED
Modified: trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm (230467 => 230468)
--- trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/UIProcess/Plugins/mac/PluginProcessProxyMac.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -38,6 +38,7 @@
#import <mach-o/dyld.h>
#import <pal/spi/cf/CFNetworkSPI.h>
#import <spawn.h>
+#import <wtf/ProcessPrivilege.h>
#import <wtf/text/CString.h>
@interface WKPlaceholderModalWindow : NSWindow
@@ -131,6 +132,7 @@
void PluginProcessProxy::enterFullscreen()
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
// Get the current presentation options.
m_preFullscreenAppPresentationOptions = [NSApp presentationOptions];
@@ -191,7 +193,8 @@
{
ASSERT(!m_placeholderWindow);
ASSERT(!m_activationObserver);
-
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
+
m_placeholderWindow = adoptNS([[WKPlaceholderModalWindow alloc] initWithContentRect:NSMakeRect(0, 0, 1, 1) styleMask:NSWindowStyleMaskBorderless backing:NSBackingStoreBuffered defer:YES]);
[m_placeholderWindow setReleasedWhenClosed:NO];
@@ -212,7 +215,8 @@
{
ASSERT(m_placeholderWindow);
ASSERT(m_activationObserver);
-
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
+
[[NSNotificationCenter defaultCenter] removeObserver:m_activationObserver.get()];
m_activationObserver = nullptr;
Modified: trunk/Source/WebKit/UIProcess/mac/DisplayLink.cpp (230467 => 230468)
--- trunk/Source/WebKit/UIProcess/mac/DisplayLink.cpp 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/UIProcess/mac/DisplayLink.cpp 2018-04-10 03:50:17 UTC (rev 230468)
@@ -31,6 +31,7 @@
#include "DrawingAreaMessages.h"
#include "WebPageProxy.h"
#include "WebProcessProxy.h"
+#include <wtf/ProcessPrivilege.h>
namespace WebKit {
@@ -37,6 +38,7 @@
DisplayLink::DisplayLink(WebCore::PlatformDisplayID displayID, WebPageProxy& webPageProxy)
: m_webPageProxy(webPageProxy)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
CVReturn error = CVDisplayLinkCreateWithCGDisplay(displayID, &m_displayLink);
if (error) {
WTFLogAlways("Could not create a display link: %d", error);
@@ -56,6 +58,7 @@
DisplayLink::~DisplayLink()
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
ASSERT(m_displayLink);
if (!m_displayLink)
return;
Modified: trunk/Source/WebKit/UIProcess/mac/PageClientImplMac.mm (230467 => 230468)
--- trunk/Source/WebKit/UIProcess/mac/PageClientImplMac.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/UIProcess/mac/PageClientImplMac.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -72,6 +72,7 @@
#import <WebCore/TextUndoInsertionMarkupMac.h>
#import <WebCore/ValidationBubble.h>
#import <WebCore/WebCoreCALayerExtras.h>
+#import <wtf/ProcessPrivilege.h>
#import <wtf/text/CString.h>
#import <wtf/text/WTFString.h>
@@ -160,6 +161,7 @@
bool PageClientImpl::isViewWindowActive()
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
NSWindow *activeViewWindow = activeWindow();
return activeViewWindow.isKeyWindow || [NSApp keyWindow] == activeViewWindow;
}
@@ -290,6 +292,7 @@
void PageClientImpl::setCursor(const WebCore::Cursor& cursor)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
// FIXME: Would be nice to share this code with WebKit1's WebChromeClient.
// The Web process may have asked to change the cursor when the view was in an active window, but
Modified: trunk/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm (230467 => 230468)
--- trunk/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/UIProcess/mac/WebPageProxyMac.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -58,6 +58,7 @@
#import <WebCore/ValidationBubble.h>
#import <mach-o/dyld.h>
#import <pal/spi/mac/NSApplicationSPI.h>
+#import <wtf/ProcessPrivilege.h>
#import <wtf/text/StringConcatenate.h>
#define MESSAGE_CHECK(assertion) MESSAGE_CHECK_BASE(assertion, process().connection())
@@ -99,16 +100,19 @@
void WebPageProxy::getIsSpeaking(bool& isSpeaking)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
isSpeaking = [NSApp isSpeaking];
}
void WebPageProxy::speak(const String& string)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
[NSApp speakString:nsStringFromWebCoreString(string)];
}
void WebPageProxy::stopSpeaking()
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
[NSApp stopSpeaking:nil];
}
@@ -608,6 +612,7 @@
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400
void WebPageProxy::startDisplayLink(unsigned observerID)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
if (!m_displayLink) {
uint32_t displayID = [[[[platformWindow() screen] deviceDescription] objectForKey:@"NSScreenNumber"] intValue];
m_displayLink = std::make_unique<DisplayLink>(displayID, *this);
Modified: trunk/Source/WebKit/UIProcess/mac/WebPopupMenuProxyMac.mm (230467 => 230468)
--- trunk/Source/WebKit/UIProcess/mac/WebPopupMenuProxyMac.mm 2018-04-10 03:43:46 UTC (rev 230467)
+++ trunk/Source/WebKit/UIProcess/mac/WebPopupMenuProxyMac.mm 2018-04-10 03:50:17 UTC (rev 230468)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2010-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -34,6 +34,7 @@
#import "StringUtilities.h"
#import "WebPopupItem.h"
#import <pal/system/mac/PopupMenu.h>
+#import <wtf/ProcessPrivilege.h>
using namespace WebCore;
@@ -98,6 +99,7 @@
void WebPopupMenuProxyMac::showPopupMenu(const IntRect& rect, TextDirection textDirection, double pageScaleFactor, const Vector<WebPopupItem>& items, const PlatformPopupMenuData& data, int32_t selectedIndex)
{
+ RELEASE_ASSERT(hasProcessPrivilege(ProcessPrivilege::CanCommunicateWithWindowServer));
NSFont *font;
if (data.fontInfo.fontAttributeDictionary) {
NSFontDescriptor *fontDescriptor = [NSFontDescriptor fontDescriptorWithFontAttributes:(NSDictionary *)data.fontInfo.fontAttributeDictionary.get()];