Remove access to keychain from the WebContent process
authorjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 Apr 2018 23:51:56 +0000 (23:51 +0000)
committerjiewen_tan@apple.com <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 Apr 2018 23:51:56 +0000 (23:51 +0000)
commit741c85e6be672bb4798d4663152be9288501c84a
tree3e4dd623c8f8d230e27c06c460f9592d61ff283a
parentf593bc2e2866af55a5a628c1457e873a6c128650
Remove access to keychain from the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=184428
<rdar://problem/13150903>

Reviewed by Brent Fulgham.

Part 1.

Remove com.apple.identities from WebContent-iOS.entitlements, which is needed to encode/decode NSError’s userInfo[NSErrorClientCertificateChainKey]
when the corresponding NSErorr is relayed through WebContent Process from Networking Process to UI Process after a HTTPS client certificate
authentication is rejected becuase of bad certificates. This patch implements corresponding workarounds as well. The workaround works for mac, too.

Sadly, this change can only be tested manually at this moment. Please refer to the radar for testing steps.

* Configurations/WebContent-iOS.entitlements:
* Shared/mac/WebCoreArgumentCodersMac.mm:
(IPC::encodeNSError):
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitialize):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@230827 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebKit/ChangeLog
Source/WebKit/Configurations/WebContent-iOS.entitlements
Source/WebKit/Shared/mac/WebCoreArgumentCodersMac.mm
Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm