Diff
Modified: tags/Safari-607.1.12.2/Source/WebKit/ChangeLog (237814 => 237815)
--- tags/Safari-607.1.12.2/Source/WebKit/ChangeLog 2018-11-05 18:09:33 UTC (rev 237814)
+++ tags/Safari-607.1.12.2/Source/WebKit/ChangeLog 2018-11-05 18:09:39 UTC (rev 237815)
@@ -1,3 +1,59 @@
+2018-11-05 Alan Coon <alanc...@apple.com>
+
+ Cherry-pick r237774. rdar://problem/45377609
+
+ Mac production builds should sign the network process xpc service with entitlements
+ https://bugs.webkit.org/show_bug.cgi?id=191209
+ <rdar://problem/45377609>
+
+ Reviewed by Geoff Garen.
+
+ Source/WebKit:
+
+ * Configurations/Network-OSX.entitlements: Copied from Configurations/Network-OSX-sandbox.entitlements.
+ * Configurations/NetworkService.xcconfig:
+ Set CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO like we do for the web process,
+ except with the corresponoding network process entitlements file.
+ * UIProcess/API/Cocoa/WKProcessPool.mm:
+ (-[WKProcessPool _networkProcessHasEntitlementForTesting:]):
+ * UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::networkProcessHasEntitlementForTesting):
+ * UIProcess/WebProcessPool.h:
+ * WebKit.xcodeproj/project.pbxproj:
+ Add infrastructure to test that the network process actually has an entitlement.
+
+ Tools:
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm: Added.
+ (TEST):
+
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@237774 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-11-03 Alex Christensen <achristen...@webkit.org>
+
+ Mac production builds should sign the network process xpc service with entitlements
+ https://bugs.webkit.org/show_bug.cgi?id=191209
+ <rdar://problem/45377609>
+
+ Reviewed by Geoff Garen.
+
+ * Configurations/Network-OSX.entitlements: Copied from Configurations/Network-OSX-sandbox.entitlements.
+ * Configurations/NetworkService.xcconfig:
+ Set CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO like we do for the web process,
+ except with the corresponoding network process entitlements file.
+ * UIProcess/API/Cocoa/WKProcessPool.mm:
+ (-[WKProcessPool _networkProcessHasEntitlementForTesting:]):
+ * UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::networkProcessHasEntitlementForTesting):
+ * UIProcess/WebProcessPool.h:
+ * WebKit.xcodeproj/project.pbxproj:
+ Add infrastructure to test that the network process actually has an entitlement.
+
2018-10-31 Antti Koivisto <an...@apple.com>
Stop using LayerFlushScheduler in WK2
Added: tags/Safari-607.1.12.2/Source/WebKit/Configurations/Network-OSX.entitlements (0 => 237815)
--- tags/Safari-607.1.12.2/Source/WebKit/Configurations/Network-OSX.entitlements (rev 0)
+++ tags/Safari-607.1.12.2/Source/WebKit/Configurations/Network-OSX.entitlements 2018-11-05 18:09:39 UTC (rev 237815)
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict/>
+</plist>
Modified: tags/Safari-607.1.12.2/Source/WebKit/Configurations/NetworkService.xcconfig (237814 => 237815)
--- tags/Safari-607.1.12.2/Source/WebKit/Configurations/NetworkService.xcconfig 2018-11-05 18:09:33 UTC (rev 237814)
+++ tags/Safari-607.1.12.2/Source/WebKit/Configurations/NetworkService.xcconfig 2018-11-05 18:09:39 UTC (rev 237815)
@@ -32,6 +32,7 @@
WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE_appletvsimulator = Network-iOS;
WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE_iosmac = Network-iOS-minimalsimulator;
+CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO = Configurations/Network-OSX.entitlements;
OTHER_CODE_SIGN_FLAGS = $(WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS);
PRODUCT_NAME = com.apple.WebKit.Networking;
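Review bot: The added `CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO` line has no comment, and the file it names is added in this same commit as an empty `<dict/>`, so a reader of the xcconfig cannot tell which entitlements the Mac network service is meant to carry. The test added in NetworkProcess.mm expects `com.apple.rootless.storage.WebKitNetworkingSandbox` only under `USE(APPLE_INTERNAL_SDK)`, which suggests the real entitlements are supplied outside this tree; that is an inference from the diff, not something it shows. I would add above the line `// Mac builds only. The checked-in Network-OSX.entitlements is an empty dict; see TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm for what signed builds are expected to carry.` The hunk shows only part of the file, so where this setting is consumed is not visible here.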
Modified: tags/Safari-607.1.12.2/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm (237814 => 237815)
--- tags/Safari-607.1.12.2/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm 2018-11-05 18:09:33 UTC (rev 237814)
+++ tags/Safari-607.1.12.2/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm 2018-11-05 18:09:39 UTC (rev 237815)
@@ -584,6 +584,11 @@
return [array autorelease];
}
+- (BOOL)_networkProcessHasEntitlementForTesting:(NSString *)entitlement
+{
+ return _processPool->networkProcessHasEntitlementForTesting(entitlement);
+}
+
@end
#endif // WK_API_ENABLED
Modified: tags/Safari-607.1.12.2/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h (237814 => 237815)
--- tags/Safari-607.1.12.2/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h 2018-11-05 18:09:33 UTC (rev 237814)
+++ tags/Safari-607.1.12.2/Source/WebKit/UIProcess/API/Cocoa/WKProcessPoolPrivate.h 2018-11-05 18:09:39 UTC (rev 237815)
@@ -114,6 +114,7 @@
- (void)_registerURLSchemeServiceWorkersCanHandle:(NSString *)scheme WK_API_AVAILABLE(macosx(10.13.4), ios(11.3));
- (void)_setMaximumNumberOfProcesses:(NSUInteger)value WK_API_AVAILABLE(macosx(10.13.4), ios(11.3));
- (NSArray<NSString *> *)_getActivePagesOriginsInWebProcessForTesting:(pid_t)pid WK_API_AVAILABLE(macosx(WK_MAC_TBA), ios(WK_IOS_TBA));
+- (BOOL)_networkProcessHasEntitlementForTesting:(NSString *)entitlement WK_API_AVAILABLE(macosx(WK_MAC_TBA), ios(WK_IOS_TBA));
@property (nonatomic, getter=_isCookieStoragePartitioningEnabled, setter=_setCookieStoragePartitioningEnabled:) BOOL _cookieStoragePartitioningEnabled WK_API_DEPRECATED("Partitioned cookies are no longer supported", macosx(10.12.3, WK_MAC_TBA), ios(10.3, WK_IOS_TBA));
@property (nonatomic, getter=_isStorageAccessAPIEnabled, setter=_setStorageAccessAPIEnabled:) BOOL _storageAccessAPIEnabled WK_API_AVAILABLE(macosx(10.13.4), ios(11.3));
Modified: tags/Safari-607.1.12.2/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (237814 => 237815)
--- tags/Safari-607.1.12.2/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2018-11-05 18:09:33 UTC (rev 237814)
+++ tags/Safari-607.1.12.2/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2018-11-05 18:09:39 UTC (rev 237815)
@@ -53,6 +53,7 @@
#import <pal/spi/cocoa/NSKeyedArchiverSPI.h>
#import <sys/param.h>
#import <wtf/ProcessPrivilege.h>
+#import <wtf/cocoa/Entitlements.h>
#import <wtf/spi/darwin/dyldSPI.h>
#if PLATFORM(MAC)
@@ -385,6 +386,11 @@
return !m_userObservablePageCounter.value() && !m_processSuppressionDisabledForPageCounter.value();
}
+bool WebProcessPool::networkProcessHasEntitlementForTesting(const String& entitlement)
+{
+ return WTF::hasEntitlement(ensureNetworkProcess().connection()->xpcConnection(), entitlement.utf8().data());
+}
+
void WebProcessPool::registerNotificationObservers()
{
#if !PLATFORM(IOS_FAMILY)
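Review bot: `connection()` is dereferenced without a check in `networkProcessHasEntitlementForTesting`. Whether it can still be null right after `ensureNetworkProcess()` returns (for example while the process is launching) is not visible in this hunk; if it can, a caller that asks before any load would crash the UI process. The test added in this commit only calls the method after a synchronous page load, so it would not catch that. Consider `auto* connection = ensureNetworkProcess().connection();` followed by `return connection && WTF::hasEntitlement(connection->xpcConnection(), entitlement.utf8().data());`, or a comment stating the precondition. The neighbouring `registerNotificationObservers` continues outside the hunk.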
Modified: tags/Safari-607.1.12.2/Source/WebKit/UIProcess/WebProcessPool.h (237814 => 237815)
--- tags/Safari-607.1.12.2/Source/WebKit/UIProcess/WebProcessPool.h 2018-11-05 18:09:33 UTC (rev 237814)
+++ tags/Safari-607.1.12.2/Source/WebKit/UIProcess/WebProcessPool.h 2018-11-05 18:09:39 UTC (rev 237815)
@@ -216,6 +216,7 @@
ProcessID networkProcessIdentifier();
Vector<String> activePagesOriginsInWebProcessForTesting(ProcessID);
+ bool networkProcessHasEntitlementForTesting(const String&);
WebPageGroup& defaultPageGroup() { return m_defaultPageGroup.get(); }
Modified: tags/Safari-607.1.12.2/Source/WebKit/WebKit.xcodeproj/project.pbxproj (237814 => 237815)
--- tags/Safari-607.1.12.2/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2018-11-05 18:09:33 UTC (rev 237814)
+++ tags/Safari-607.1.12.2/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2018-11-05 18:09:39 UTC (rev 237815)
@@ -3410,6 +3410,7 @@
5C74300E21500492004BFA17 /* WKWebProcess.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKWebProcess.h; sourceTree = "<group>"; };
5C74300F21500492004BFA17 /* WKWebProcess.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WKWebProcess.cpp; sourceTree = "<group>"; };
5C7706731D111D8B0012700F /* WebSocketProvider.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebSocketProvider.cpp; path = Network/WebSocketProvider.cpp; sourceTree = "<group>"; };
+ 5C7ACFD1218DD8BD004CBB59 /* Network-OSX.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = "Network-OSX.entitlements"; sourceTree = "<group>"; };
5C7C88DC1D0F41A0009D2F6D /* WebSocketProvider.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WebSocketProvider.h; path = Network/WebSocketProvider.h; sourceTree = "<group>"; };
5C84CF901F96AC4E00B6705A /* NetworkSessionCreationParameters.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NetworkSessionCreationParameters.h; sourceTree = "<group>"; };
5C85C7861C3F23C50061A4FA /* PendingDownload.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = PendingDownload.cpp; sourceTree = "<group>"; };
@@ -4768,6 +4769,7 @@
37119A7D20CCB64E002C6DC9 /* Network-iOS-minimalsimulator.entitlements */,
7C0BB9A918DCDF5A0006C086 /* Network-iOS.entitlements */,
41D0FC7D20E43A5100076AE8 /* Network-OSX-sandbox.entitlements */,
+ 5C7ACFD1218DD8BD004CBB59 /* Network-OSX.entitlements */,
BC8283AB16B4BEAD00A278FE /* NetworkService.xcconfig */,
A1EDD2DB1884B96400BBFE98 /* PluginProcessShim.xcconfig */,
BC8283F216B4FC5300A278FE /* PluginService.32.xcconfig */,
Modified: tags/Safari-607.1.12.2/Tools/ChangeLog (237814 => 237815)
--- tags/Safari-607.1.12.2/Tools/ChangeLog 2018-11-05 18:09:33 UTC (rev 237814)
+++ tags/Safari-607.1.12.2/Tools/ChangeLog 2018-11-05 18:09:39 UTC (rev 237815)
@@ -1,5 +1,52 @@
2018-11-05 Alan Coon <alanc...@apple.com>
+ Cherry-pick r237774. rdar://problem/45377609
+
+ Mac production builds should sign the network process xpc service with entitlements
+ https://bugs.webkit.org/show_bug.cgi?id=191209
+ <rdar://problem/45377609>
+
+ Reviewed by Geoff Garen.
+
+ Source/WebKit:
+
+ * Configurations/Network-OSX.entitlements: Copied from Configurations/Network-OSX-sandbox.entitlements.
+ * Configurations/NetworkService.xcconfig:
+ Set CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO like we do for the web process,
+ except with the corresponoding network process entitlements file.
+ * UIProcess/API/Cocoa/WKProcessPool.mm:
+ (-[WKProcessPool _networkProcessHasEntitlementForTesting:]):
+ * UIProcess/API/Cocoa/WKProcessPoolPrivate.h:
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::networkProcessHasEntitlementForTesting):
+ * UIProcess/WebProcessPool.h:
+ * WebKit.xcodeproj/project.pbxproj:
+ Add infrastructure to test that the network process actually has an entitlement.
+
+ Tools:
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm: Added.
+ (TEST):
+
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@237774 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2018-11-03 Alex Christensen <achristen...@webkit.org>
+
+ Mac production builds should sign the network process xpc service with entitlements
+ https://bugs.webkit.org/show_bug.cgi?id=191209
+ <rdar://problem/45377609>
+
+ Reviewed by Geoff Garen.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm: Added.
+ (TEST):
+
+2018-11-05 Alan Coon <alanc...@apple.com>
+
Cherry-pick r237711. rdar://problem/44176965
In WebCore::ResourceLoadObserver, use document.sessionID().isEphemeral() when possible and check for page existence when not
Modified: tags/Safari-607.1.12.2/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (237814 => 237815)
--- tags/Safari-607.1.12.2/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2018-11-05 18:09:33 UTC (rev 237814)
+++ tags/Safari-607.1.12.2/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2018-11-05 18:09:39 UTC (rev 237815)
@@ -281,6 +281,7 @@
5C7964101EB0278D0075D74C /* EventModifiers.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 5C79640F1EB0269B0075D74C /* EventModifiers.cpp */; };
5C7C74CB1FB529BA002F9ABE /* WebViewScheduleInRunLoop.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C7C74CA1FB528D4002F9ABE /* WebViewScheduleInRunLoop.mm */; };
5C838F7F1DB04F900082858F /* LoadInvalidURLRequest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 57901FAE1CAF137100ED64F9 /* LoadInvalidURLRequest.mm */; };
+ 5C8BC799218CF44700813886 /* NetworkProcess.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C8BC798218CF3E900813886 /* NetworkProcess.mm */; };
5C973F5C1F58EF8B00359C27 /* WebGLPolicy.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C973F5B1F58EF0A00359C27 /* WebGLPolicy.mm */; };
5C9E56851DF9145400C9EE33 /* WebsitePolicies.mm in Sources */ = {isa = PBXBuildFile; fileRef = 5C9E56841DF9143D00C9EE33 /* WebsitePolicies.mm */; };
5C9E56871DF914AE00C9EE33 /* contentBlockerCheck.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5C9E56861DF9148E00C9EE33 /* contentBlockerCheck.html */; };
@@ -1588,6 +1589,7 @@
5C726D6E1D3EE06800C5E1A1 /* InstanceMethodSwizzler.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = InstanceMethodSwizzler.mm; path = cocoa/InstanceMethodSwizzler.mm; sourceTree = "<group>"; };
5C79640F1EB0269B0075D74C /* EventModifiers.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = EventModifiers.cpp; sourceTree = "<group>"; };
5C7C74CA1FB528D4002F9ABE /* WebViewScheduleInRunLoop.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebViewScheduleInRunLoop.mm; sourceTree = "<group>"; };
+ 5C8BC798218CF3E900813886 /* NetworkProcess.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = NetworkProcess.mm; sourceTree = "<group>"; };
5C973F5B1F58EF0A00359C27 /* WebGLPolicy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebGLPolicy.mm; sourceTree = "<group>"; };
5C9E56841DF9143D00C9EE33 /* WebsitePolicies.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebsitePolicies.mm; sourceTree = "<group>"; };
5C9E56861DF9148E00C9EE33 /* contentBlockerCheck.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = contentBlockerCheck.html; sourceTree = "<group>"; };
@@ -2393,6 +2395,7 @@
5165FE03201EE617009F7EC3 /* MessagePortProviders.mm */,
51CD1C6A1B38CE3600142CA5 /* ModalAlerts.mm */,
1ABC3DED1899BE6D004F0626 /* Navigation.mm */,
+ 5C8BC798218CF3E900813886 /* NetworkProcess.mm */,
5CAE4637201937CD0051610F /* NetworkProcessCrashNonPersistentDataStore.mm */,
CD2D0D19213465560018C784 /* NowPlaying.mm */,
2ECFF5541D9B12F800B55394 /* NowPlayingControlsTests.mm */,
@@ -3927,6 +3930,7 @@
7CCE7F011A411AE600447C4C /* MouseMoveAfterCrash.cpp in Sources */,
7CCE7F241A411AF600447C4C /* Navigation.mm in Sources */,
5C0BF8951DD599CD00B00328 /* NavigatorLanguage.mm in Sources */,
+ 5C8BC799218CF44700813886 /* NetworkProcess.mm in Sources */,
5CAE463820193B6A0051610F /* NetworkProcessCrashNonPersistentDataStore.mm in Sources */,
9B19CDA01F06DFE3000548DD /* NetworkProcessCrashWithPendingConnection.mm in Sources */,
7CCE7F021A411AE600447C4C /* NewFirstVisuallyNonEmptyLayout.cpp in Sources */,
Added: tags/Safari-607.1.12.2/Tools/TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm (0 => 237815)
--- tags/Safari-607.1.12.2/Tools/TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm (rev 0)
+++ tags/Safari-607.1.12.2/Tools/TestWebKitAPI/Tests/WebKitCocoa/NetworkProcess.mm 2018-11-05 18:09:39 UTC (rev 237815)
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2018 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#import "TestWKWebView.h"
+#import <WebKit/WKProcessPoolPrivate.h>
+#import <wtf/RetainPtr.h>
+
+#if WK_API_ENABLED
+
+TEST(WebKit, NetworkProcessEntitlements)
+{
+ auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:[[[WKWebViewConfiguration alloc] init] autorelease]]);
+ [webView synchronouslyLoadTestPageNamed:@"simple"];
+ WKProcessPool *pool = [webView configuration].processPool;
+ bool hasEntitlement = [pool _networkProcessHasEntitlementForTesting:@"com.apple.rootless.storage.WebKitNetworkingSandbox"];
+#if PLATFORM(MAC) && USE(APPLE_INTERNAL_SDK)
+ EXPECT_TRUE(hasEntitlement);
+#else
+ EXPECT_FALSE(hasEntitlement);
+#endif
+ EXPECT_FALSE([pool _networkProcessHasEntitlementForTesting:@"test failure case"]);
+}
+
+#endif // WK_API_ENABLED
+
+
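Review bot: Outside `PLATFORM(MAC) && USE(APPLE_INTERNAL_SDK)` every assertion in `NetworkProcessEntitlements` is an `EXPECT_FALSE`, so in those builds the test still passes if `_networkProcessHasEntitlementForTesting:` always returns NO, for instance because the lookup itself failed. Only the internal-SDK branch gives a positive signal that the entitlement query works. I would say so in a comment above the `#if`, e.g. `// Without the internal SDK both checks expect NO; this branch cannot tell a missing entitlement from a failed lookup.`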