Diff
Modified: trunk/Source/WebCore/ChangeLog (207703 => 207704)
--- trunk/Source/WebCore/ChangeLog 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebCore/ChangeLog 2016-10-22 03:35:04 UTC (rev 207704)
@@ -1,3 +1,42 @@
+2016-10-21 Eric Carlson <eric.carl...@apple.com>
+
+ [MediaStream] Dynamically generate media capture sandbox extensions
+ https://bugs.webkit.org/show_bug.cgi?id=154861
+ <rdar://problem/24909411>
+
+ Reviewed by Tim Horton.
+
+ No new tests, some of these changes are covered by existing tests and some can only be tested
+ with physical capture devices.
+
+ * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm: AVSampleBufferAudioRenderer
+ and AVSampleBufferRenderSynchronizer are now declared in AVFoundationSPI.h.
+
+ * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h:
+ * platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm:
+ (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC): Initialize
+ AVSampleBufferRenderSynchronizer.
+ (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::isAvailable): Fail if AVSampleBufferRenderSynchronizer
+ isn't available.
+ (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack): Take a MediaSample&
+ instead of a PlatformSample&.
+ (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack): Ditto.
+ (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::ensureLayer): Add the sample buffer display
+ later to the synchronizer.
+ (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::destroyLayer): Remove the sample buffer display
+ later from the synchronizer.
+ (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::play): Start the synchronizer.
+ (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::pause): Stash the current clock time in
+ m_pausedTime, but leave the clock running. Pause the synchronizer.
+ (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::currentMediaTime): Return the clock time
+ when playing, m_pausedTime time when paused because we leave the clock running forever.
+ (WebCore::MediaPlayerPrivateMediaStreamAVFObjC::sampleBufferUpdated):
+
+ * platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm: AVSampleBufferAudioRenderer
+ is now declared in AVFoundationSPI.h.
+
+ * platform/spi/mac/AVFoundationSPI.h: Add AVSampleBufferAudioRenderer and AVSampleBufferRenderSynchronizer.
+
2016-10-21 Commit Queue <commit-qu...@webkit.org>
Unreviewed, rolling out r207582.
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm (207703 => 207704)
--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm 2016-10-22 03:35:04 UTC (rev 207704)
@@ -93,31 +93,6 @@
@end
#pragma mark -
-#pragma mark AVSampleBufferAudioRenderer
-
-@interface AVSampleBufferAudioRenderer : NSObject
-- (void)setVolume:(float)volume;
-- (void)setMuted:(BOOL)muted;
-@property (nonatomic, copy) NSString *audioTimePitchAlgorithm;
-@end
-
-#pragma mark -
-#pragma mark AVSampleBufferRenderSynchronizer
-
-@interface AVSampleBufferRenderSynchronizer : NSObject
-- (CMTimebaseRef)timebase;
-- (float)rate;
-- (void)setRate:(float)rate;
-- (void)setRate:(float)rate time:(CMTime)time;
-- (NSArray *)renderers;
-- (void)addRenderer:(id)renderer;
-- (void)removeRenderer:(id)renderer atTime:(CMTime)time withCompletionHandler:(void (^)(BOOL didRemoveRenderer))completionHandler;
-- (id)addPeriodicTimeObserverForInterval:(CMTime)interval queue:(dispatch_queue_t)queue usingBlock:(void (^)(CMTime time))block;
-- (id)addBoundaryTimeObserverForTimes:(NSArray *)times queue:(dispatch_queue_t)queue usingBlock:(void (^)(void))block;
-- (void)removeTimeObserver:(id)observer;
-@end
-
-#pragma mark -
#pragma mark AVStreamSession
@interface AVStreamSession : NSObject
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h (207703 => 207704)
--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.h 2016-10-22 03:35:04 UTC (rev 207704)
@@ -37,6 +37,7 @@
OBJC_CLASS AVSampleBufferAudioRenderer;
OBJC_CLASS AVSampleBufferDisplayLayer;
+OBJC_CLASS AVSampleBufferRenderSynchronizer;
OBJC_CLASS AVStreamSession;
typedef struct opaqueCMSampleBuffer *CMSampleBufferRef;
@@ -121,8 +122,8 @@
void setSize(const IntSize&) override { /* No-op */ }
- void enqueueAudioSampleBufferFromTrack(MediaStreamTrackPrivate&, PlatformSample);
- void enqueueVideoSampleBufferFromTrack(MediaStreamTrackPrivate&, PlatformSample);
+ void enqueueAudioSampleBufferFromTrack(MediaStreamTrackPrivate&, MediaSample&);
+ void enqueueVideoSampleBufferFromTrack(MediaStreamTrackPrivate&, MediaSample&);
bool shouldEnqueueVideoSampleBuffer() const;
void flushAndRemoveVideoSampleBuffers();
@@ -186,7 +187,9 @@
WeakPtrFactory<MediaPlayerPrivateMediaStreamAVFObjC> m_weakPtrFactory;
RefPtr<MediaStreamPrivate> m_mediaStreamPrivate;
RetainPtr<AVSampleBufferDisplayLayer> m_sampleBufferDisplayLayer;
+ RetainPtr<AVSampleBufferRenderSynchronizer> m_synchronizer;
RetainPtr<CGImageRef> m_pausedImage;
+ double m_pausedTime { 0 };
std::unique_ptr<Clock> m_clock;
HashMap<String, RefPtr<AudioTrackPrivateMediaStream>> m_audioTrackMap;
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm (207703 => 207704)
--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaStreamAVFObjC.mm 2016-10-22 03:35:04 UTC (rev 207704)
@@ -29,6 +29,7 @@
#if ENABLE(MEDIA_STREAM) && USE(AVFOUNDATION)
#import "AVAudioCaptureSource.h"
+#import "AVFoundationSPI.h"
#import "AVVideoCaptureSource.h"
#import "AudioTrackPrivateMediaStream.h"
#import "Clock.h"
@@ -35,6 +36,7 @@
#import "GraphicsContext.h"
#import "Logging.h"
#import "MediaStreamPrivate.h"
+#import "MediaTimeAVFoundation.h"
#import "VideoTrackPrivateMediaStream.h"
#import <AVFoundation/AVSampleBufferDisplayLayer.h>
#import <QuartzCore/CALayer.h>
@@ -54,6 +56,7 @@
SOFT_LINK_FRAMEWORK_OPTIONAL(AVFoundation)
SOFT_LINK_CLASS_OPTIONAL(AVFoundation, AVSampleBufferDisplayLayer)
+SOFT_LINK_CLASS_OPTIONAL(AVFoundation, AVSampleBufferRenderSynchronizer)
namespace WebCore {
@@ -63,6 +66,7 @@
MediaPlayerPrivateMediaStreamAVFObjC::MediaPlayerPrivateMediaStreamAVFObjC(MediaPlayer* player)
: m_player(player)
, m_weakPtrFactory(this)
+ , m_synchronizer(adoptNS([allocAVSampleBufferRenderSynchronizerInstance() init]))
, m_clock(Clock::create())
#if PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE)
, m_videoFullscreenLayerManager(VideoFullscreenLayerManager::create())
@@ -99,7 +103,7 @@
bool MediaPlayerPrivateMediaStreamAVFObjC::isAvailable()
{
- return AVFoundationLibrary() && isCoreMediaFrameworkAvailable() && getAVSampleBufferDisplayLayerClass();
+ return AVFoundationLibrary() && isCoreMediaFrameworkAvailable() && getAVSampleBufferDisplayLayerClass() && getAVSampleBufferRenderSynchronizerClass();
}
void MediaPlayerPrivateMediaStreamAVFObjC::getSupportedTypes(HashSet<String, ASCIICaseInsensitiveHash>& types)
@@ -119,26 +123,24 @@
#pragma mark -
#pragma mark AVSampleBuffer Methods
-void MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack(MediaStreamTrackPrivate&, PlatformSample)
+void MediaPlayerPrivateMediaStreamAVFObjC::enqueueAudioSampleBufferFromTrack(MediaStreamTrackPrivate&, MediaSample&)
{
// FIXME: https://bugs.webkit.org/show_bug.cgi?id=159836
}
-void MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack(MediaStreamTrackPrivate& track, PlatformSample platformSample)
+void MediaPlayerPrivateMediaStreamAVFObjC::enqueueVideoSampleBufferFromTrack(MediaStreamTrackPrivate& track, MediaSample& sample)
{
- if (&track != m_mediaStreamPrivate->activeVideoTrack())
+ if (&track != m_mediaStreamPrivate->activeVideoTrack() || !shouldEnqueueVideoSampleBuffer())
return;
- if (shouldEnqueueVideoSampleBuffer()) {
- [m_sampleBufferDisplayLayer enqueueSampleBuffer:platformSample.sample.cmSampleBuffer];
- m_isFrameDisplayed = true;
-
- if (!m_hasEverEnqueuedVideoFrame) {
- m_hasEverEnqueuedVideoFrame = true;
- m_player->firstVideoFrameAvailable();
+ sample.setTimestamps(toMediaTime(CMTimebaseGetTime([m_synchronizer timebase])), MediaTime::invalidTime());
+ [m_sampleBufferDisplayLayer enqueueSampleBuffer:sample.platformSample().sample.cmSampleBuffer];
+ m_isFrameDisplayed = true;
- updatePausedImage();
- }
+ if (!m_hasEverEnqueuedVideoFrame) {
+ m_hasEverEnqueuedVideoFrame = true;
+ m_player->firstVideoFrameAvailable();
+ updatePausedImage();
}
}
@@ -172,7 +174,9 @@
[m_sampleBufferDisplayLayer setName:@"MediaPlayerPrivateMediaStreamAVFObjC AVSampleBufferDisplayLayer"];
#endif
m_sampleBufferDisplayLayer.get().backgroundColor = cachedCGColor(Color::black);
-
+
+ [m_synchronizer addRenderer:m_sampleBufferDisplayLayer.get()];
+
renderingModeChanged();
#if PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE)
@@ -186,7 +190,12 @@
return;
[m_sampleBufferDisplayLayer flush];
+ CMTime currentTime = CMTimebaseGetTime([m_synchronizer timebase]);
+ [m_synchronizer removeRenderer:m_sampleBufferDisplayLayer.get() atTime:currentTime withCompletionHandler:^(BOOL){
+ // No-op.
+ }];
m_sampleBufferDisplayLayer = nullptr;
+
renderingModeChanged();
#if PLATFORM(MAC) && ENABLE(VIDEO_PRESENTATION_MODE)
@@ -310,6 +319,7 @@
m_clock->start();
m_playing = true;
+ [m_synchronizer setRate:1];
m_haveEverPlayed = true;
scheduleDeferredTask([this] {
updateDisplayMode();
@@ -324,8 +334,9 @@
if (!metaDataAvailable() || !m_playing || m_ended)
return;
- m_clock->stop();
+ m_pausedTime = m_clock->currentTime();
m_playing = false;
+ [m_synchronizer setRate:0];
updateDisplayMode();
updatePausedImage();
}
@@ -386,7 +397,7 @@
MediaTime MediaPlayerPrivateMediaStreamAVFObjC::currentMediaTime() const
{
- return MediaTime::createWithDouble(m_clock->currentTime());
+ return MediaTime::createWithDouble(m_playing ? m_clock->currentTime() : m_pausedTime);
}
MediaPlayer::NetworkState MediaPlayerPrivateMediaStreamAVFObjC::networkState() const
@@ -514,7 +525,7 @@
// FIXME: https://bugs.webkit.org/show_bug.cgi?id=159836
break;
case RealtimeMediaSource::Video:
- enqueueVideoSampleBufferFromTrack(track, mediaSample.platformSample());
+ enqueueVideoSampleBufferFromTrack(track, mediaSample);
m_hasReceivedMedia = true;
scheduleDeferredTask([this] {
updateReadyState();
Modified: trunk/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm (207703 => 207704)
--- trunk/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm 2016-10-22 03:35:04 UTC (rev 207704)
@@ -112,19 +112,6 @@
@end
#pragma mark -
-#pragma mark AVSampleBufferAudioRenderer
-
-@interface AVSampleBufferAudioRenderer : NSObject
-- (NSInteger)status;
-- (NSError*)error;
-- (void)enqueueSampleBuffer:(CMSampleBufferRef)sampleBuffer;
-- (void)flush;
-- (BOOL)isReadyForMoreMediaData;
-- (void)requestMediaDataWhenReadyOnQueue:(dispatch_queue_t)queue usingBlock:(void (^)(void))block;
-- (void)stopRequestingMediaData;
-@end
-
-#pragma mark -
#pragma mark WebAVStreamDataParserListener
@interface WebAVStreamDataParserListener : NSObject<AVStreamDataParserOutputHandling> {
Modified: trunk/Source/WebCore/platform/spi/mac/AVFoundationSPI.h (207703 => 207704)
--- trunk/Source/WebCore/platform/spi/mac/AVFoundationSPI.h 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebCore/platform/spi/mac/AVFoundationSPI.h 2016-10-22 03:35:04 UTC (rev 207704)
@@ -162,3 +162,40 @@
@end
NS_ASSUME_NONNULL_END
+
+#import <CoreMedia/CMSampleBuffer.h>
+#import <CoreMedia/CMSync.h>
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface AVSampleBufferRenderSynchronizer : NSObject
+- (CMTimebaseRef)timebase;
+- (float)rate;
+- (void)setRate:(float)rate;
+- (void)setRate:(float)rate time:(CMTime)time;
+- (NSArray *)renderers;
+- (void)addRenderer:(id)renderer;
+- (void)removeRenderer:(id)renderer atTime:(CMTime)time withCompletionHandler:(void (^)(BOOL didRemoveRenderer))completionHandler;
+- (id)addPeriodicTimeObserverForInterval:(CMTime)interval queue:(dispatch_queue_t)queue usingBlock:(void (^)(CMTime time))block;
+- (id)addBoundaryTimeObserverForTimes:(NSArray *)times queue:(dispatch_queue_t)queue usingBlock:(void (^)(void))block;
+- (void)removeTimeObserver:(id)observer;
+@end
+
+NS_ASSUME_NONNULL_END
+
+NS_ASSUME_NONNULL_BEGIN
+
+@interface AVSampleBufferAudioRenderer : NSObject
+- (NSInteger)status;
+- (NSError*)error;
+- (void)enqueueSampleBuffer:(CMSampleBufferRef)sampleBuffer;
+- (void)flush;
+- (BOOL)isReadyForMoreMediaData;
+- (void)requestMediaDataWhenReadyOnQueue:(dispatch_queue_t)queue usingBlock:(void (^)(void))block;
+- (void)stopRequestingMediaData;
+- (void)setVolume:(float)volume;
+- (void)setMuted:(BOOL)muted;
+@property (nonatomic, copy) NSString *audioTimePitchAlgorithm;
+@end
+
+NS_ASSUME_NONNULL_END
Modified: trunk/Source/WebKit2/ChangeLog (207703 => 207704)
--- trunk/Source/WebKit2/ChangeLog 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/ChangeLog 2016-10-22 03:35:04 UTC (rev 207704)
@@ -1,3 +1,39 @@
+2016-10-21 Eric Carlson <eric.carl...@apple.com>
+
+ [MediaStream] Dynamically generate media capture sandbox extensions
+ https://bugs.webkit.org/show_bug.cgi?id=154861
+ <rdar://problem/24909411>
+
+ Reviewed by Tim Horton.
+
+ * Shared/SandboxExtension.h:
+ (WebKit::SandboxExtension::createHandleForGenericExtension):
+ * Shared/mac/SandboxExtensionMac.mm:
+ (WebKit::wkSandboxExtensionType): Add case for generic handle.
+ (WebKit::SandboxExtension::createHandleForGenericExtension): New.
+
+ * UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
+ (WebKit::UserMediaPermissionRequestManagerProxy::invalidateRequests): Clear the list of extensions granted.
+ (WebKit::UserMediaPermissionRequestManagerProxy::userMediaAccessWasGranted): Extend the web
+ process sandbox as necessary.
+ * UIProcess/UserMediaPermissionRequestManagerProxy.h:
+
+ * WebProcess/MediaStream/UserMediaPermissionRequestManager.cpp:
+ (WebKit::UserMediaPermissionRequestManager::~UserMediaPermissionRequestManager): Revoke all
+ sandbox extensions.
+ (WebKit::UserMediaPermissionRequestManager::grantUserMediaDevicesSandboxExtension): Consume
+ sandbox extensions.
+ * WebProcess/MediaStream/UserMediaPermissionRequestManager.h:
+
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::grantUserMediaDevicesSandboxExtension): Pass-through to user media manager.
+ * WebProcess/WebPage/WebPage.h:
+
+ * WebProcess/WebPage/WebPage.messages.in: Add GrantUserMediaDevicesSandboxExtension.
+
+ * WebProcess/com.apple.WebProcess.sb.in: Add rules, defines, and a macro to allow dynamic extensions
+ for media capture devices.
+
2016-10-21 Gavin Barraclough <barraclo...@apple.com>
WebPage should take UserActivity directly for user input
Modified: trunk/Source/WebKit2/Shared/SandboxExtension.h (207703 => 207704)
--- trunk/Source/WebKit2/Shared/SandboxExtension.h 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/Shared/SandboxExtension.h 2016-10-22 03:35:04 UTC (rev 207704)
@@ -47,7 +47,8 @@
public:
enum Type {
ReadOnly,
- ReadWrite
+ ReadWrite,
+ Generic,
};
class Handle {
@@ -93,6 +94,7 @@
static bool createHandle(const String& path, Type type, Handle&);
static bool createHandleForReadWriteDirectory(const String& path, Handle&); // Will attempt to create the directory.
static String createHandleForTemporaryFile(const String& prefix, Type type, Handle&);
+ static bool createHandleForGenericExtension(const String& extensionClass, Handle&);
~SandboxExtension();
bool consume();
@@ -127,6 +129,7 @@
inline bool SandboxExtension::createHandle(const String&, Type, Handle&) { return true; }
inline bool SandboxExtension::createHandleForReadWriteDirectory(const String&, Handle&) { return true; }
inline String SandboxExtension::createHandleForTemporaryFile(const String& /*prefix*/, Type, Handle&) {return String();}
+inline bool SandboxExtension::createHandleForGenericExtension(const String& /*extensionClass*/, Handle&) { return true; }
inline SandboxExtension::~SandboxExtension() { }
inline bool SandboxExtension::revoke() { return true; }
inline bool SandboxExtension::consume() { return true; }
Modified: trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm (207703 => 207704)
--- trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/Shared/mac/SandboxExtensionMac.mm 2016-10-22 03:35:04 UTC (rev 207704)
@@ -159,6 +159,9 @@
return WKSandboxExtensionTypeReadOnly;
case SandboxExtension::ReadWrite:
return WKSandboxExtensionTypeReadWrite;
+ case SandboxExtension::Generic:
+ return WKSandboxExtensionTypeGeneric;
+
}
CRASH();
@@ -274,6 +277,19 @@
return String(path.data());
}
+bool SandboxExtension::createHandleForGenericExtension(const String& extensionClass, Handle& handle)
+{
+ ASSERT(!handle.m_sandboxExtension);
+
+ handle.m_sandboxExtension = WKSandboxExtensionCreate(extensionClass.utf8().data(), wkSandboxExtensionType(Type::Generic));
+ if (!handle.m_sandboxExtension) {
+ WTFLogAlways("Could not create a '%s' sandbox extension", extensionClass.utf8().data());
+ return false;
+ }
+
+ return true;
+}
+
SandboxExtension::SandboxExtension(const Handle& handle)
: m_sandboxExtension(handle.m_sandboxExtension)
, m_useCount(0)
Modified: trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp (207703 => 207704)
--- trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.cpp 2016-10-22 03:35:04 UTC (rev 207704)
@@ -47,6 +47,8 @@
for (auto& request : m_pendingDeviceRequests.values())
request->invalidate();
m_pendingDeviceRequests.clear();
+
+ m_pageSandboxExtensionsGranted.clear();
}
Ref<UserMediaPermissionRequestProxy> UserMediaPermissionRequestManagerProxy::createRequest(uint64_t userMediaID, const Vector<String>& audioDeviceUIDs, const Vector<String>& videoDeviceUIDs)
@@ -120,6 +122,8 @@
void UserMediaPermissionRequestManagerProxy::userMediaAccessWasGranted(uint64_t userMediaID, const String& audioDeviceUID, const String& videoDeviceUID)
{
+ ASSERT(!audioDeviceUID.isEmpty() || !videoDeviceUID.isEmpty());
+
if (!m_page.isValid())
return;
@@ -127,6 +131,30 @@
return;
#if ENABLE(MEDIA_STREAM)
+ size_t extensionCount = 0;
+ unsigned requiredExtensions = SandboxExtensionsGranted::None;
+ if (!audioDeviceUID.isEmpty()) {
+ requiredExtensions |= SandboxExtensionsGranted::Audio;
+ extensionCount++;
+ }
+ if (!videoDeviceUID.isEmpty()) {
+ requiredExtensions |= SandboxExtensionsGranted::Video;
+ extensionCount++;
+ }
+
+ unsigned currentExtensions = m_pageSandboxExtensionsGranted.get(m_page.pageID());
+ if (!(requiredExtensions & currentExtensions)) {
+ ASSERT(extensionCount);
+ m_pageSandboxExtensionsGranted.set(m_page.pageID(), requiredExtensions | currentExtensions);
+ SandboxExtension::HandleArray handles;
+ handles.allocate(extensionCount);
+ if (!videoDeviceUID.isEmpty())
+ SandboxExtension::createHandleForGenericExtension("com.apple.webkit.camera", handles[--extensionCount]);
+ if (!audioDeviceUID.isEmpty())
+ SandboxExtension::createHandleForGenericExtension("com.apple.webkit.microphone", handles[--extensionCount]);
+ m_page.process().send(Messages::WebPage::GrantUserMediaDevicesSandboxExtension(handles), m_page.pageID());
+ }
+
m_page.process().send(Messages::WebPage::UserMediaAccessWasGranted(userMediaID, audioDeviceUID, videoDeviceUID), m_page.pageID());
#else
UNUSED_PARAM(audioDeviceUID);
Modified: trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.h (207703 => 207704)
--- trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.h 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/UIProcess/UserMediaPermissionRequestManagerProxy.h 2016-10-22 03:35:04 UTC (rev 207704)
@@ -59,6 +59,13 @@
HashMap<uint64_t, RefPtr<UserMediaPermissionRequestProxy>> m_pendingUserMediaRequests;
HashMap<uint64_t, RefPtr<UserMediaPermissionCheckProxy>> m_pendingDeviceRequests;
+ enum SandboxExtensionsGranted {
+ None = 0,
+ Video = 1 << 0,
+ Audio = 1 << 1
+ };
+ HashMap<uint64_t, unsigned> m_pageSandboxExtensionsGranted;
+
WebPageProxy& m_page;
};
Modified: trunk/Source/WebKit2/WebProcess/MediaStream/UserMediaPermissionRequestManager.cpp (207703 => 207704)
--- trunk/Source/WebKit2/WebProcess/MediaStream/UserMediaPermissionRequestManager.cpp 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/WebProcess/MediaStream/UserMediaPermissionRequestManager.cpp 2016-10-22 03:35:04 UTC (rev 207704)
@@ -50,6 +50,8 @@
UserMediaPermissionRequestManager::~UserMediaPermissionRequestManager()
{
+ for (auto& sandboxExtension : m_userMediaDeviceSandboxExtensions)
+ sandboxExtension->revoke();
}
void UserMediaPermissionRequestManager::startUserMediaRequest(UserMediaRequest& request)
@@ -142,6 +144,18 @@
request->setDeviceInfo(deviceList, mediaDeviceIdentifierHashSalt, hasPersistentAccess);
}
+void UserMediaPermissionRequestManager::grantUserMediaDevicesSandboxExtension(const SandboxExtension::HandleArray& sandboxExtensionHandles)
+{
+ ASSERT(m_userMediaDeviceSandboxExtensions.size() <= 2);
+
+ for (size_t i = 0; i < sandboxExtensionHandles.size(); i++) {
+ if (RefPtr<SandboxExtension> extension = SandboxExtension::create(sandboxExtensionHandles[i])) {
+ extension->consume();
+ m_userMediaDeviceSandboxExtensions.append(extension.release());
+ }
+ }
+}
+
} // namespace WebKit
#endif // ENABLE(MEDIA_STREAM)
Modified: trunk/Source/WebKit2/WebProcess/MediaStream/UserMediaPermissionRequestManager.h (207703 => 207704)
--- trunk/Source/WebKit2/WebProcess/MediaStream/UserMediaPermissionRequestManager.h 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/WebProcess/MediaStream/UserMediaPermissionRequestManager.h 2016-10-22 03:35:04 UTC (rev 207704)
@@ -22,6 +22,7 @@
#if ENABLE(MEDIA_STREAM)
+#include "SandboxExtension.h"
#include <WebCore/MediaConstraints.h>
#include <WebCore/MediaDevicesEnumerationRequest.h>
#include <WebCore/UserMediaClient.h>
@@ -48,6 +49,8 @@
void cancelMediaDevicesEnumeration(WebCore::MediaDevicesEnumerationRequest&);
void didCompleteMediaDeviceEnumeration(uint64_t, const Vector<WebCore::CaptureDevice>& deviceList, const String& deviceIdentifierHashSalt, bool originHasPersistentAccess);
+ void grantUserMediaDevicesSandboxExtension(const SandboxExtension::HandleArray&);
+
private:
WebPage& m_page;
@@ -56,6 +59,8 @@
HashMap<uint64_t, RefPtr<WebCore::MediaDevicesEnumerationRequest>> m_idToMediaDevicesEnumerationRequestMap;
HashMap<RefPtr<WebCore::MediaDevicesEnumerationRequest>, uint64_t> m_mediaDevicesEnumerationRequestToIDMap;
+
+ Vector<RefPtr<SandboxExtension>> m_userMediaDeviceSandboxExtensions;
};
} // namespace WebKit
Modified: trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (207703 => 207704)
--- trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp 2016-10-22 03:35:04 UTC (rev 207704)
@@ -3706,6 +3706,11 @@
{
m_userMediaPermissionRequestManager.didCompleteMediaDeviceEnumeration(userMediaID, devices, deviceIdentifierHashSalt, originHasPersistentAccess);
}
+
+void WebPage::grantUserMediaDevicesSandboxExtension(const SandboxExtension::HandleArray& handles)
+{
+ m_userMediaPermissionRequestManager.grantUserMediaDevicesSandboxExtension(handles);
+}
#endif
#if !PLATFORM(IOS)
Modified: trunk/Source/WebKit2/WebProcess/WebPage/WebPage.h (207703 => 207704)
--- trunk/Source/WebKit2/WebProcess/WebPage/WebPage.h 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/WebProcess/WebPage/WebPage.h 2016-10-22 03:35:04 UTC (rev 207704)
@@ -1171,6 +1171,7 @@
void userMediaAccessWasDenied(uint64_t userMediaID, uint64_t reason, String invalidConstraint);
void didCompleteMediaDeviceEnumeration(uint64_t userMediaID, const Vector<WebCore::CaptureDevice>& devices, const String& deviceIdentifierHashSalt, bool originHasPersistentAccess);
+ void grantUserMediaDevicesSandboxExtension(const SandboxExtension::HandleArray&);
#endif
void advanceToNextMisspelling(bool startBeforeSelection);
Modified: trunk/Source/WebKit2/WebProcess/WebPage/WebPage.messages.in (207703 => 207704)
--- trunk/Source/WebKit2/WebProcess/WebPage/WebPage.messages.in 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/WebProcess/WebPage/WebPage.messages.in 2016-10-22 03:35:04 UTC (rev 207704)
@@ -291,6 +291,7 @@
UserMediaAccessWasGranted(uint64_t userMediaID, String audioDeviceUID, String videoDeviceUID)
UserMediaAccessWasDenied(uint64_t userMediaID, uint64_t reason, String invalidConstraint)
DidCompleteMediaDeviceEnumeration(uint64_t userMediaID, Vector<WebCore::CaptureDevice> devices, String mediaDeviceIdentifierHashSalt, bool hasPersistentAccess)
+ GrantUserMediaDevicesSandboxExtension(WebKit::SandboxExtension::HandleArray sandboxExtensionHandle)
#endif
# Notification
Modified: trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in (207703 => 207704)
--- trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2016-10-22 02:47:18 UTC (rev 207703)
+++ trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2016-10-22 03:35:04 UTC (rev 207704)
@@ -318,3 +318,83 @@
;; Data Detectors
(allow file-read* (subpath "/private/var/db/datadetectors/sys"))
+
+;; Media capture, utilities
+(if (not (defined? 'sbpl-filter?))
+ (define (sbpl-filter? x)
+ (and (list? x)
+ (eq? (car x) 'filter))))
+
+(macro (with-filter form)
+ (let* ((ps (cdr form))
+ (extra-filter (car ps))
+ (rules (cdr ps)))
+ `(letrec
+ ((collect
+ (lambda (l filters non-filters)
+ (if (null? l)
+ (list filters non-filters)
+ (let*
+ ((x (car l))
+ (rest (cdr l)))
+ (if (sbpl-filter? x)
+ (collect rest (cons x filters) non-filters)
+ (collect rest filters (cons x non-filters)))))))
+ (inject-filter
+ (lambda args
+ (let* ((collected (collect args '() '()))
+ (filters (car collected))
+ (non-filters (cadr collected)))
+ (if (null? filters)
+ (cons ,extra-filter non-filters)
+ (cons (require-all (apply require-any filters) ,extra-filter) non-filters)))))
+ (orig-allow allow)
+ (orig-deny deny)
+ (wrapper
+ (lambda (action)
+ (lambda args (apply action (apply inject-filter args))))))
+ (set! allow (wrapper orig-allow))
+ (set! deny (wrapper orig-deny))
+ ,@rules
+ (set! deny orig-deny)
+ (set! allow orig-allow))))
+
+(define (home-library-preferences-regex home-library-preferences-relative-regex)
+ (regex (string-append "^" (regex-quote (param "HOME_LIBRARY_PREFERENCES_DIR")) home-library-preferences-relative-regex)))
+
+(define (home-library-preferences-literal home-library-preferences-relative-literal)
+ (literal (string-append (param "HOME_LIBRARY_PREFERENCES_DIR") home-library-preferences-relative-literal)))
+
+(define (shared-preferences-read . domains)
+ (for-each (lambda (domain)
+ (begin
+ (if (defined? `user-preference-read)
+ (allow user-preference-read (preference-domain domain)))
+ ; (Temporary) backward compatibility with non-CFPreferences readers.
+ (allow file-read*
+ (literal (string-append "/Library/Preferences/" domain ".plist"))
+ (home-library-preferences-literal (string-append "/" domain ".plist"))
+ (home-library-preferences-regex (string-append #"/ByHost/" (regex-quote domain) #"\..*\.plist$")))))
+ domains))
+
+;; Media capture, microphone access
+(with-filter (extension "com.apple.webkit.microphone")
+ (allow device-microphone))
+
+;; Media capture, camera access
+(with-filter (extension "com.apple.webkit.camera")
+ (shared-preferences-read "com.apple.coremedia")
+ (allow mach-lookup (extension "com.apple.app-sandbox.mach"))
+ (allow mach-lookup
+ (global-name "com.apple.cmio.AppleCameraAssistant")
+ ;; Apple DAL assistants
+ (global-name "com.apple.cmio.VDCAssistant")
+ (global-name "com.apple.cmio.AVCAssistant")
+ (global-name "com.apple.cmio.IIDCVideoAssistant")
+ ;; QuickTimeIIDCDigitizer assistant
+ (global-name "com.apple.IIDCAssistant"))
+ (allow iokit-open
+ ;; QuickTimeUSBVDCDigitizer
+ (iokit-user-client-class "IOUSBDeviceUserClientV2")
+ (iokit-user-client-class "IOUSBInterfaceUserClientV2"))
+ (allow device-camera))