Diff
Modified: trunk/Source/WebKit/ChangeLog (237760 => 237761)
--- trunk/Source/WebKit/ChangeLog 2018-11-03 00:06:09 UTC (rev 237760)
+++ trunk/Source/WebKit/ChangeLog 2018-11-03 00:33:53 UTC (rev 237761)
@@ -1,3 +1,22 @@
+2018-11-02 Alex Christensen <achristen...@webkit.org>
+
+ Mac production builds should sign the network process xpc service with entitlements
+ https://bugs.webkit.org/show_bug.cgi?id=191209
+ <rdar://problem/45377609>
+
+ Reviewed by Geoff Garen.
+
+ * Configurations/NetworkService.xcconfig:
+ Set CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO like we do for the web process,
+ except with the corresponoding network process entitlements file.
+ * UIProcess/API/Cocoa/WKProcessPool.mm:
+ (-[WKProcessPool _networkProcessHasEntitlementForTesting:]):
+ * UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::networkProcessHasEntitlementForTesting):
+ * UIProcess/WebProcessPool.h:
+ Add infrastructure to test that the network process actually has an entitlement.
+
2018-11-02 Daniel Bates <daba...@apple.com>
[iOS] WebKit should dispatch DOM events when a modifier key is pressed
Modified: trunk/Source/WebKit/Configurations/NetworkService.xcconfig (237760 => 237761)
--- trunk/Source/WebKit/Configurations/NetworkService.xcconfig 2018-11-03 00:06:09 UTC (rev 237760)
+++ trunk/Source/WebKit/Configurations/NetworkService.xcconfig 2018-11-03 00:33:53 UTC (rev 237761)
@@ -32,6 +32,7 @@
WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE_appletvsimulator = Network-iOS;
WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE_iosmac = Network-iOS-minimalsimulator;
+CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO = Configurations/Network-OSX-sandbox.entitlements;
OTHER_CODE_SIGN_FLAGS = $(WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS);
PRODUCT_NAME = com.apple.WebKit.Networking;
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm (237760 => 237761)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm 2018-11-03 00:06:09 UTC (rev 237760)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm 2018-11-03 00:33:53 UTC (rev 237761)
@@ -584,6 +584,11 @@
return [array autorelease];
}
+- (BOOL)_networkProcessHasEntitlementForTesting:(NSString *)entitlement
+{
+ return _processPool->networkProcessHasEntitlementForTesting(entitlement);
+}
+
@end
#endif // WK_API_ENABLED
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h (237760 => 237761)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h 2018-11-03 00:06:09 UTC (rev 237760)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h 2018-11-03 00:33:53 UTC (rev 237761)
@@ -114,6 +114,7 @@
- (void)_registerURLSchemeServiceWorkersCanHandle:(NSString *)scheme WK_API_AVAILABLE(macosx(10.13.4), ios(11.3));
- (void)_setMaximumNumberOfProcesses:(NSUInteger)value WK_API_AVAILABLE(macosx(10.13.4), ios(11.3));
- (NSArray<NSString *> *)_getActivePagesOriginsInWebProcessForTesting:(pid_t)pid WK_API_AVAILABLE(macosx(WK_MAC_TBA), ios(WK_IOS_TBA));
+- (BOOL)_networkProcessHasEntitlementForTesting:(NSString *)entitlement WK_API_AVAILABLE(macosx(WK_MAC_TBA), ios(WK_IOS_TBA));
@property (nonatomic, getter=_isCookieStoragePartitioningEnabled, setter=_setCookieStoragePartitioningEnabled:) BOOL _cookieStoragePartitioningEnabled WK_API_DEPRECATED("Partitioned cookies are no longer supported", macosx(10.12.3, WK_MAC_TBA), ios(10.3, WK_IOS_TBA));
@property (nonatomic, getter=_isStorageAccessAPIEnabled, setter=_setStorageAccessAPIEnabled:) BOOL _storageAccessAPIEnabled WK_API_AVAILABLE(macosx(10.13.4), ios(11.3));
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (237760 => 237761)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2018-11-03 00:06:09 UTC (rev 237760)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2018-11-03 00:33:53 UTC (rev 237761)
@@ -53,6 +53,7 @@
#import <pal/spi/cocoa/NSKeyedArchiverSPI.h>
#import <sys/param.h>
#import <wtf/ProcessPrivilege.h>
+#import <wtf/cocoa/Entitlements.h>
#import <wtf/spi/darwin/dyldSPI.h>
#if PLATFORM(MAC)
@@ -385,6 +386,11 @@
return !m_userObservablePageCounter.value() && !m_processSuppressionDisabledForPageCounter.value();
}
+bool WebProcessPool::networkProcessHasEntitlementForTesting(const String& entitlement)
+{
+ return WTF::hasEntitlement(ensureNetworkProcess().connection()->xpcConnection(), entitlement.utf8().data());
+}
+
void WebProcessPool::registerNotificationObservers()
{
#if !PLATFORM(IOS_FAMILY)
Modified: trunk/Source/WebKit/UIProcess/WebProcessPool.h (237760 => 237761)
--- trunk/Source/WebKit/UIProcess/WebProcessPool.h 2018-11-03 00:06:09 UTC (rev 237760)
+++ trunk/Source/WebKit/UIProcess/WebProcessPool.h 2018-11-03 00:33:53 UTC (rev 237761)
@@ -216,6 +216,7 @@
ProcessID networkProcessIdentifier();
Vector<String> activePagesOriginsInWebProcessForTesting(ProcessID);
+ bool networkProcessHasEntitlementForTesting(const String&);
WebPageGroup& defaultPageGroup() { return m_defaultPageGroup.get(); }
Modified: trunk/Tools/ChangeLog (237760 => 237761)
--- trunk/Tools/ChangeLog 2018-11-03 00:06:09 UTC (rev 237760)
+++ trunk/Tools/ChangeLog 2018-11-03 00:33:53 UTC (rev 237761)
@@ -1,3 +1,15 @@
+2018-11-02 Alex Christensen <achristen...@webkit.org>
+
+ Mac production builds should sign the network process xpc service with entitlements
+ https://bugs.webkit.org/show_bug.cgi?id=191209
+ <rdar://problem/45377609>
+
+ Reviewed by Geoff Garen.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm: Added.
+ (TEST):
+
2018-11-02 Lucas Forschler <lforsch...@apple.com>
Add Windows 10 archive bots
Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (237760 => 237761)
--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2018-11-03 00:06:09 UTC (rev 237760)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2018-11-03 00:33:53 UTC (rev 237761)
@@ -281,6 +281,7 @@
5C7964101EB0278D0075D74C /* EventModifiers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5C79640F1EB0269B0075D74C /* EventModifiers.cpp */; };
5C7C74CB1FB529BA002F9ABE /* WebViewScheduleInRunLoop.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C7C74CA1FB528D4002F9ABE /* WebViewScheduleInRunLoop.mm */; };
5C838F7F1DB04F900082858F /* LoadInvalidURLRequest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 57901FAE1CAF137100ED64F9 /* LoadInvalidURLRequest.mm */; };
+ 5C8BC799218CF44700813886 /* NetworkProcess.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C8BC798218CF3E900813886 /* NetworkProcess.mm */; };
5C973F5C1F58EF8B00359C27 /* WebGLPolicy.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C973F5B1F58EF0A00359C27 /* WebGLPolicy.mm */; };
5C9E56851DF9145400C9EE33 /* WebsitePolicies.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C9E56841DF9143D00C9EE33 /* WebsitePolicies.mm */; };
5C9E56871DF914AE00C9EE33 /* contentBlockerCheck.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5C9E56861DF9148E00C9EE33 /* contentBlockerCheck.html */; };
@@ -1588,6 +1589,7 @@
5C726D6E1D3EE06800C5E1A1 /* InstanceMethodSwizzler.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = InstanceMethodSwizzler.mm; path = cocoa/InstanceMethodSwizzler.mm; sourceTree = "<group>"; };
5C79640F1EB0269B0075D74C /* EventModifiers.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = EventModifiers.cpp; sourceTree = "<group>"; };
5C7C74CA1FB528D4002F9ABE /* WebViewScheduleInRunLoop.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebViewScheduleInRunLoop.mm; sourceTree = "<group>"; };
+ 5C8BC798218CF3E900813886 /* NetworkProcess.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = NetworkProcess.mm; sourceTree = "<group>"; };
5C973F5B1F58EF0A00359C27 /* WebGLPolicy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebGLPolicy.mm; sourceTree = "<group>"; };
5C9E56841DF9143D00C9EE33 /* WebsitePolicies.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebsitePolicies.mm; sourceTree = "<group>"; };
5C9E56861DF9148E00C9EE33 /* contentBlockerCheck.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = contentBlockerCheck.html; sourceTree = "<group>"; };
@@ -2393,6 +2395,7 @@
5165FE03201EE617009F7EC3 /* MessagePortProviders.mm */,
51CD1C6A1B38CE3600142CA5 /* ModalAlerts.mm */,
1ABC3DED1899BE6D004F0626 /* Navigation.mm */,
+ 5C8BC798218CF3E900813886 /* NetworkProcess.mm */,
5CAE4637201937CD0051610F /* NetworkProcessCrashNonPersistentDataStore.mm */,
CD2D0D19213465560018C784 /* NowPlaying.mm */,
2ECFF5541D9B12F800B55394 /* NowPlayingControlsTests.mm */,
@@ -3927,6 +3930,7 @@
7CCE7F011A411AE600447C4C /* MouseMoveAfterCrash.cpp in Sources */,
7CCE7F241A411AF600447C4C /* Navigation.mm in Sources */,
5C0BF8951DD599CD00B00328 /* NavigatorLanguage.mm in Sources */,
+ 5C8BC799218CF44700813886 /* NetworkProcess.mm in Sources */,
5CAE463820193B6A0051610F /* NetworkProcessCrashNonPersistentDataStore.mm in Sources */,
9B19CDA01F06DFE3000548DD /* NetworkProcessCrashWithPendingConnection.mm in Sources */,
7CCE7F021A411AE600447C4C /* NewFirstVisuallyNonEmptyLayout.cpp in Sources */,
Added: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm (0 => 237761)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm 2018-11-03 00:33:53 UTC (rev 237761)
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#import "TestWKWebView.h"
+#import <WebKit/WKProcessPoolPrivate.h>
+#import <wtf/RetainPtr.h>
+
+#if WK_API_ENABLED
+
+#if PLATFORM(MAC)
+TEST(WebKit, NetworkProcessEntitlements)
+{
+ auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:[[[WKWebViewConfiguration alloc] init] autorelease]]);
+ [webView synchronouslyLoadTestPageNamed:@"simple"];
+ WKProcessPool *pool = [webView configuration].processPool;
+ EXPECT_TRUE([pool _networkProcessHasEntitlementForTesting:@"com.apple.rootless.storage.WebKitNetworkingSandbox"]);
+ EXPECT_FALSE([pool _networkProcessHasEntitlementForTesting:@"test failure case"]);
+}
+#endif // PLATFORM(MAC)
+
+#endif // WK_API_ENABLED
+
+
