Diff
Modified: branches/safari-610-branch/Source/WebKit/ChangeLog (268225 => 268226)
--- branches/safari-610-branch/Source/WebKit/ChangeLog 2020-10-08 23:28:24 UTC (rev 268225)
+++ branches/safari-610-branch/Source/WebKit/ChangeLog 2020-10-08 23:28:28 UTC (rev 268226)
@@ -1,5 +1,77 @@
2020-10-07 Alan Coon <alanc...@apple.com>
+ Cherry-pick r268012. rdar://problem/70056589
+
+ Disable media capture if an app's entitlements won't allow access to capture devices
+ https://bugs.webkit.org/show_bug.cgi?id=217319
+ <rdar://problem/69956112>
+
+ Reviewed by Youenn Fablet.
+
+ Source/WebKit:
+
+ No new tests, tested manually with MiniBrowser and Safari.
+
+ * UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm:
+ (WebKit::UserMediaPermissionRequestManagerProxy::permittedToCaptureAudio): If the
+ app is sandboxed, check for the entitlement required for audio capture. Don't
+ bother checking for usage string if TCC has already authorized capture.
+ (WebKit::UserMediaPermissionRequestManagerProxy::permittedToCaptureVideo): Ditto
+ for video capture.
+
+ * UIProcess/Cocoa/WebPreferencesCocoa.mm:
+ (WebKit::WebPreferences::platformInitializeStore): Initialize `mediaDevicesEnabled`
+ manually because its default value is always `false` in the WebProcess and may be
+ `true` in the UIProcess. WebPreferences assumes the default will always be the same
+ in both processes, and so has an optimization that only sends values to the
+ WebProcess if they differ from the default value. This means if the default in the
+ UIProcess is true it won't be pushed to the WebProcess, so capture won't work.
+
+ * Platform/spi/ios/TCCSPI.h: Update TCCAccessPreflightResult.
+
+ Tools:
+
+ * MiniBrowser/MiniBrowser.xcodeproj/project.pbxproj:
+ * MiniBrowser/mac/AppDelegate.m:
+ (-[BrowserAppDelegate defaultConfiguration]): Don't set configuration._mediaCaptureEnabled,
+ it should no longer be necessary.
+
+ * MiniBrowser/mac/Info.plist: Remove unneeded keys.
+
+ * MobileMiniBrowser/MobileMiniBrowser/Info.plist: Ditto. Add usage strings.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268012 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-10-05 Eric Carlson <eric.carl...@apple.com>
+
+ Disable media capture if an app's entitlements won't allow access to capture devices
+ https://bugs.webkit.org/show_bug.cgi?id=217319
+ <rdar://problem/69956112>
+
+ Reviewed by Youenn Fablet.
+
+ No new tests, tested manually with MiniBrowser and Safari.
+
+ * UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm:
+ (WebKit::UserMediaPermissionRequestManagerProxy::permittedToCaptureAudio): If the
+ app is sandboxed, check for the entitlement required for audio capture. Don't
+ bother checking for usage string if TCC has already authorized capture.
+ (WebKit::UserMediaPermissionRequestManagerProxy::permittedToCaptureVideo): Ditto
+ for video capture.
+
+ * UIProcess/Cocoa/WebPreferencesCocoa.mm:
+ (WebKit::WebPreferences::platformInitializeStore): Initialize `mediaDevicesEnabled`
+ manually because its default value is always `false` in the WebProcess and may be
+ `true` in the UIProcess. WebPreferences assumes the default will always be the same
+ in both processes, and so has an optimization that only sends values to the
+ WebProcess if they differ from the default value. This means if the default in the
+ UIProcess is true it won't be pushed to the WebProcess, so capture won't work.
+
+ * Platform/spi/ios/TCCSPI.h: Update TCCAccessPreflightResult.
+
+2020-10-07 Alan Coon <alanc...@apple.com>
+
Cherry-pick r267844. rdar://problem/70056601
Prevent media capture unless the application has correct data for system permission prompt
Modified: branches/safari-610-branch/Source/WebKit/Platform/spi/ios/TCCSPI.h (268225 => 268226)
--- branches/safari-610-branch/Source/WebKit/Platform/spi/ios/TCCSPI.h 2020-10-08 23:28:24 UTC (rev 268225)
+++ branches/safari-610-branch/Source/WebKit/Platform/spi/ios/TCCSPI.h 2020-10-08 23:28:28 UTC (rev 268226)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2020 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -30,7 +30,8 @@
#else
typedef enum {
- kTCCAccessPreflightDenied = 1,
+ kTCCAccessPreflightGranted,
+ kTCCAccessPreflightDenied,
} TCCAccessPreflightResult;
#endif
Modified: branches/safari-610-branch/Source/WebKit/UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm (268225 => 268226)
--- branches/safari-610-branch/Source/WebKit/UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm 2020-10-08 23:28:24 UTC (rev 268225)
+++ branches/safari-610-branch/Source/WebKit/UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm 2020-10-08 23:28:28 UTC (rev 268226)
@@ -26,11 +26,43 @@
#import "config.h"
#import "UserMediaPermissionRequestManagerProxy.h"
+#import "SandboxUtilities.h"
+#import "TCCSPI.h"
+#import <wtf/SoftLinking.h>
+#import <wtf/spi/darwin/SandboxSPI.h>
+
+SOFT_LINK_PRIVATE_FRAMEWORK(TCC)
+SOFT_LINK(TCC, TCCAccessPreflight, TCCAccessPreflightResult, (CFStringRef service, CFDictionaryRef options), (service, options))
+SOFT_LINK(TCC, TCCAccessPreflightWithAuditToken, TCCAccessPreflightResult, (CFStringRef service, audit_token_t token, CFDictionaryRef options), (service, token, options))
+SOFT_LINK_CONSTANT(TCC, kTCCServiceMicrophone, CFStringRef)
+SOFT_LINK_CONSTANT(TCC, kTCCServiceCamera, CFStringRef)
+
namespace WebKit {
bool UserMediaPermissionRequestManagerProxy::permittedToCaptureAudio()
{
#if ENABLE(MEDIA_STREAM)
+
+#if PLATFORM(MAC)
+ static std::once_flag onceFlag;
+ static bool entitled = true;
+ std::call_once(onceFlag, [] {
+ if (!currentProcessIsSandboxed())
+ return;
+
+ int result = sandbox_check(getpid(), "device-microphone", SANDBOX_FILTER_NONE);
+ entitled = !result;
+ if (result == -1)
+ WTFLogAlways("Error checking 'device-microphone' sandbox access, errno=%ld", (long)errno);
+ });
+ if (!entitled)
+ return false;
+#endif // PLATFORM(MAC)
+
+ static TCCAccessPreflightResult access = TCCAccessPreflight(getkTCCServiceMicrophone(), NULL);
+ if (access == kTCCAccessPreflightGranted)
+ return true;
+
static bool isPermitted = dynamic_objc_cast<NSString>(NSBundle.mainBundle.infoDictionary[@"NSMicrophoneUsageDescription"]).length;
return isPermitted;
#else
@@ -41,6 +73,27 @@
bool UserMediaPermissionRequestManagerProxy::permittedToCaptureVideo()
{
#if ENABLE(MEDIA_STREAM)
+
+#if PLATFORM(MAC)
+ static std::once_flag onceFlag;
+ static bool entitled = true;
+ std::call_once(onceFlag, [] {
+ if (!currentProcessIsSandboxed())
+ return;
+
+ int result = sandbox_check(getpid(), "device-camera", SANDBOX_FILTER_NONE);
+ entitled = !result;
+ if (result == -1)
+ WTFLogAlways("Error checking 'device-camera' sandbox access, errno=%ld", (long)errno);
+ });
+ if (!entitled)
+ return false;
+#endif // PLATFORM(MAC)
+
+ static TCCAccessPreflightResult access = TCCAccessPreflight(getkTCCServiceCamera(), NULL);
+ if (access == kTCCAccessPreflightGranted)
+ return true;
+
static bool isPermitted = dynamic_objc_cast<NSString>(NSBundle.mainBundle.infoDictionary[@"NSCameraUsageDescription"]).length;
return isPermitted;
#else
Modified: branches/safari-610-branch/Source/WebKit/UIProcess/Cocoa/WebPreferencesCocoa.mm (268225 => 268226)
--- branches/safari-610-branch/Source/WebKit/UIProcess/Cocoa/WebPreferencesCocoa.mm 2020-10-08 23:28:24 UTC (rev 268225)
+++ branches/safari-610-branch/Source/WebKit/UIProcess/Cocoa/WebPreferencesCocoa.mm 2020-10-08 23:28:28 UTC (rev 268226)
@@ -30,6 +30,10 @@
#import "WebPreferencesKeys.h"
#import <wtf/text/StringConcatenate.h>
+#if ENABLE(MEDIA_STREAM)
+#include "UserMediaPermissionRequestManagerProxy.h"
+#endif
+
namespace WebKit {
static inline NSString *makeKey(const String& identifier, const String& keyPrefix, const String& key)
@@ -139,6 +143,15 @@
void WebPreferences::platformInitializeStore()
{
@autoreleasepool {
+#if ENABLE(MEDIA_STREAM)
+ // NOTE: This is set here, and does not setting the default using the 'defaultValue' mechanism, because the
+ // 'defaultValue' must be the same in both the UIProcess and WebProcess, which may not be true for audio
+ // and video capture state as the WebProcess is not entitled to use the camera or microphone by default.
+ // If other preferences need to dynamically set the initial value based on host app state, we should extended
+ // the declarative format rather than adding more special cases here.
+ m_store.setBoolValueForKey(WebPreferencesKey::mediaDevicesEnabledKey(), UserMediaPermissionRequestManagerProxy::permittedToCaptureAudio() || UserMediaPermissionRequestManagerProxy::permittedToCaptureVideo());
+#endif
+
#define INITIALIZE_DEBUG_PREFERENCE_FROM_NSUSERDEFAULTS(KeyUpper, KeyLower, TypeName, Type, DefaultValue, HumanReadableName, HumanReadableDescription) \
setDebug##TypeName##ValueIfInUserDefaults(m_identifier, m_keyPrefix, m_globalDebugKeyPrefix, WebPreferencesKey::KeyLower##Key(), m_store);
Modified: branches/safari-610-branch/Tools/ChangeLog (268225 => 268226)
--- branches/safari-610-branch/Tools/ChangeLog 2020-10-08 23:28:24 UTC (rev 268225)
+++ branches/safari-610-branch/Tools/ChangeLog 2020-10-08 23:28:28 UTC (rev 268226)
@@ -1,5 +1,67 @@
2020-10-07 Alan Coon <alanc...@apple.com>
+ Cherry-pick r268012. rdar://problem/70056589
+
+ Disable media capture if an app's entitlements won't allow access to capture devices
+ https://bugs.webkit.org/show_bug.cgi?id=217319
+ <rdar://problem/69956112>
+
+ Reviewed by Youenn Fablet.
+
+ Source/WebKit:
+
+ No new tests, tested manually with MiniBrowser and Safari.
+
+ * UIProcess/Cocoa/UserMediaPermissionRequestManagerProxy.mm:
+ (WebKit::UserMediaPermissionRequestManagerProxy::permittedToCaptureAudio): If the
+ app is sandboxed, check for the entitlement required for audio capture. Don't
+ bother checking for usage string if TCC has already authorized capture.
+ (WebKit::UserMediaPermissionRequestManagerProxy::permittedToCaptureVideo): Ditto
+ for video capture.
+
+ * UIProcess/Cocoa/WebPreferencesCocoa.mm:
+ (WebKit::WebPreferences::platformInitializeStore): Initialize `mediaDevicesEnabled`
+ manually because its default value is always `false` in the WebProcess and may be
+ `true` in the UIProcess. WebPreferences assumes the default will always be the same
+ in both processes, and so has an optimization that only sends values to the
+ WebProcess if they differ from the default value. This means if the default in the
+ UIProcess is true it won't be pushed to the WebProcess, so capture won't work.
+
+ * Platform/spi/ios/TCCSPI.h: Update TCCAccessPreflightResult.
+
+ Tools:
+
+ * MiniBrowser/MiniBrowser.xcodeproj/project.pbxproj:
+ * MiniBrowser/mac/AppDelegate.m:
+ (-[BrowserAppDelegate defaultConfiguration]): Don't set configuration._mediaCaptureEnabled,
+ it should no longer be necessary.
+
+ * MiniBrowser/mac/Info.plist: Remove unneeded keys.
+
+ * MobileMiniBrowser/MobileMiniBrowser/Info.plist: Ditto. Add usage strings.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@268012 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-10-05 Eric Carlson <eric.carl...@apple.com>
+
+ Disable media capture if an app's entitlements won't allow access to capture devices
+ https://bugs.webkit.org/show_bug.cgi?id=217319
+ <rdar://problem/69956112>
+
+ Reviewed by Youenn Fablet.
+
+ * MiniBrowser/MiniBrowser.xcodeproj/project.pbxproj:
+ * MiniBrowser/mac/AppDelegate.m:
+ (-[BrowserAppDelegate defaultConfiguration]): Don't set configuration._mediaCaptureEnabled,
+ it should no longer be necessary.
+
+ * MiniBrowser/mac/Info.plist: Remove unneeded keys.
+
+ * MobileMiniBrowser/MobileMiniBrowser/Info.plist: Ditto. Add usage strings.
+
+2020-10-07 Alan Coon <alanc...@apple.com>
+
Cherry-pick r267844. rdar://problem/70056601
Prevent media capture unless the application has correct data for system permission prompt
Modified: branches/safari-610-branch/Tools/MiniBrowser/mac/AppDelegate.m (268225 => 268226)
--- branches/safari-610-branch/Tools/MiniBrowser/mac/AppDelegate.m 2020-10-08 23:28:24 UTC (rev 268225)
+++ branches/safari-610-branch/Tools/MiniBrowser/mac/AppDelegate.m 2020-10-08 23:28:28 UTC (rev 268226)
@@ -139,7 +139,6 @@
[configuration.preferences _setEnabled:enabled forInternalDebugFeature:feature];
}
- configuration._mediaCaptureEnabled = YES;
configuration.preferences._fullScreenEnabled = YES;
configuration.preferences._allowsPictureInPictureMediaPlayback = YES;
configuration.preferences._developerExtrasEnabled = YES;
Modified: branches/safari-610-branch/Tools/MiniBrowser/mac/Info.plist (268225 => 268226)
--- branches/safari-610-branch/Tools/MiniBrowser/mac/Info.plist 2020-10-08 23:28:24 UTC (rev 268225)
+++ branches/safari-610-branch/Tools/MiniBrowser/mac/Info.plist 2020-10-08 23:28:28 UTC (rev 268226)
@@ -52,10 +52,6 @@
<string>Editor</string>
</dict>
</array>
- <key>com.apple.security.device.camera</key>
- <true/>
- <key>com.apple.security.device.microphone</key>
- <true/>
<key>NSCameraUsageDescription</key>
<string>Recording random videos</string>
<key>NSMicrophoneUsageDescription</key>
Modified: branches/safari-610-branch/Tools/MobileMiniBrowser/MobileMiniBrowser/Info.plist (268225 => 268226)
--- branches/safari-610-branch/Tools/MobileMiniBrowser/MobileMiniBrowser/Info.plist 2020-10-08 23:28:24 UTC (rev 268225)
+++ branches/safari-610-branch/Tools/MobileMiniBrowser/MobileMiniBrowser/Info.plist 2020-10-08 23:28:28 UTC (rev 268226)
@@ -54,11 +54,9 @@
<key>NSAllowsArbitraryLoadsInWebContent</key>
<true/>
</dict>
- <key>com.apple.security.device.camera</key>
- <true/>
- <key>com.apple.security.device.microphone</key>
- <true/>
<key>NSCameraUsageDescription</key>
- <string>Camera usage description</string>
+ <string>Recording random videos</string>
+ <key>NSMicrophoneUsageDescription</key>
+ <string>Recording random audio</string>
</dict>
</plist>