[iOS] Block the accessibility server when accessibility is not enabled.
authorpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 16 Mar 2019 05:44:22 +0000 (05:44 +0000)
committerpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 16 Mar 2019 05:44:22 +0000 (05:44 +0000)
commit2aa014daa6e053063aaa20070f4ef08bfc598942
tree24eeb084606fa194ab537e2da9e1907244a85b33
parent4a574bbb9b7df496cc6e93452bba738881645292
[iOS] Block the accessibility server when accessibility is not enabled.
https://bugs.webkit.org/show_bug.cgi?id=195342

Reviewed by Brent Fulgham.

Source/WebKit:

By default, block the iOS accessibility server in the sandbox. If accessibility is enabled,
let the UI process issue a mach extension to the WebContent process. The UI process will
issue the mach extension the the WebContent process by its process identifier. The sandbox
extension handle is sent to the WebContent process to be consumed. The message will be sent
when the WebProcess has finished launching, and also when accessibility is turned on.

* Platform/spi/ios/AccessibilitySupportSPI.h:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
* Shared/SandboxExtension.h:
* Shared/mac/SandboxExtensionMac.mm:
(WebKit::SandboxExtensionImpl::create):
(WebKit::SandboxExtensionImpl::sandboxExtensionForType):
(WebKit::SandboxExtensionImpl::SandboxExtensionImpl):
(WebKit::SandboxExtension::createHandleForMachLookupByPid):
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::registerNotificationObservers):
(WebKit::WebProcessPool::unregisterNotificationObservers):
* UIProcess/WebProcessPool.h:
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::didFinishLaunching):
* UIProcess/WebProcessProxy.h:
* UIProcess/ios/WebProcessProxyIOS.mm:
(WebKit::WebProcessProxy::unblockAccessibilityServerIfNeeded):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::unblockAccessibilityServer):
* WebProcess/WebProcess.h:
* WebProcess/WebProcess.messages.in:

Source/WTF:

Add SPI to issue a mach extension to a process by pid. Also, add a macro for
the availability of this SPI.

* wtf/Platform.h:
* wtf/spi/darwin/SandboxSPI.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243034 268f45cc-cd09-0410-ab3c-d52691b4dbfc
16 files changed:
Source/WTF/ChangeLog
Source/WTF/wtf/Platform.h
Source/WTF/wtf/spi/darwin/SandboxSPI.h
Source/WebKit/ChangeLog
Source/WebKit/Platform/spi/ios/AccessibilitySupportSPI.h
Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
Source/WebKit/Shared/SandboxExtension.h
Source/WebKit/Shared/mac/SandboxExtensionMac.mm
Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
Source/WebKit/UIProcess/WebProcessPool.h
Source/WebKit/UIProcess/WebProcessProxy.cpp
Source/WebKit/UIProcess/WebProcessProxy.h
Source/WebKit/UIProcess/ios/WebProcessProxyIOS.mm
Source/WebKit/WebProcess/WebProcess.cpp
Source/WebKit/WebProcess/WebProcess.h
Source/WebKit/WebProcess/WebProcess.messages.in