[iOS] Block the accessibility server when accessibility is not enabled.
authorpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 15 Mar 2019 20:27:24 +0000 (20:27 +0000)
committerpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 15 Mar 2019 20:27:24 +0000 (20:27 +0000)
commit36d2b0466aae8a28686cb48177deb0df387a86ba
treef1ff49b21312d870061fc0cc2b05db89b0060b2a
parentbbc1f797c1ae9e56ba7f8f64a8f9077ea050a133
[iOS] Block the accessibility server when accessibility is not enabled.
https://bugs.webkit.org/show_bug.cgi?id=195342

Reviewed by Brent Fulgham.

Source/WebKit:

By default, block the iOS accessibility server in the sandbox. If accessibility is enabled,
let the UI process issue a mach extension to the WebContent process. The UI process will
issue the mach extension the the WebContent process by its process identifier. The sandbox
extension handle is sent to the WebContent process to be consumed. The message will be sent
when the WebProcess has finished launching, and also when accessibility is turned on.

* Platform/spi/ios/AccessibilitySupportSPI.h:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
* Shared/SandboxExtension.h:
* Shared/mac/SandboxExtensionMac.mm:
(WebKit::SandboxExtensionImpl::create):
(WebKit::SandboxExtensionImpl::sandboxExtensionForType):
(WebKit::SandboxExtensionImpl::SandboxExtensionImpl):
(WebKit::SandboxExtension::createHandleForMachLookupByPid):
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::registerNotificationObservers):
(WebKit::WebProcessPool::unregisterNotificationObservers):
* UIProcess/WebProcessPool.h:
* UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::didFinishLaunching):
* UIProcess/WebProcessProxy.h:
* UIProcess/ios/WebProcessProxyIOS.mm:
(WebKit::WebProcessProxy::unblockAccessibilityServerIfNeeded):
* WebProcess/WebProcess.cpp:
(WebKit::WebProcess::unblockAccessibilityServer):
* WebProcess/WebProcess.h:
* WebProcess/WebProcess.messages.in:

Source/WTF:

Add SPI to issue a mach extension to a process by pid.

* wtf/spi/darwin/SandboxSPI.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243008 268f45cc-cd09-0410-ab3c-d52691b4dbfc
15 files changed:
Source/WTF/ChangeLog
Source/WTF/wtf/spi/darwin/SandboxSPI.h
Source/WebKit/ChangeLog
Source/WebKit/Platform/spi/ios/AccessibilitySupportSPI.h
Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
Source/WebKit/Shared/SandboxExtension.h
Source/WebKit/Shared/mac/SandboxExtensionMac.mm
Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
Source/WebKit/UIProcess/WebProcessPool.h
Source/WebKit/UIProcess/WebProcessProxy.cpp
Source/WebKit/UIProcess/WebProcessProxy.h
Source/WebKit/UIProcess/ios/WebProcessProxyIOS.mm
Source/WebKit/WebProcess/WebProcess.cpp
Source/WebKit/WebProcess/WebProcess.h
Source/WebKit/WebProcess/WebProcess.messages.in