[macOS] Add JIT entitlements to WebContent process and plugin process on macOS
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 31 May 2018 19:46:56 +0000 (19:46 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 31 May 2018 19:46:56 +0000 (19:46 +0000)
https://bugs.webkit.org/show_bug.cgi?id=184485
<rdar://problem/37556535>

Reviewed by Dan Bernstein.

This patch builds on the changes from Bug 185526 to add support for a JIT entitlement. It makes the
following changes:

1. Adds a new 'WebContent-OSX.entitlements file that unconditionally adds the JIT entitlement for all builds.
2. Modifies the PluginService.entitlements to unconditionally add the JIT entitlement.

* Configurations/PluginService.entitlements: Updated to add the JIT entitlement.
* Configurations/WebContent-OSX.entitlements: Updated to add the JIT entitlement.
* Configurations/WebContentService.xcconfig: Updated to use the new 'WebContent-OSX.entitlements' file.
* WebKit.xcodeproj/project.pbxproj:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@232364 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/Configurations/PluginService.entitlements
Source/WebKit/Configurations/WebContent-OSX.entitlements [new file with mode: 0644]
Source/WebKit/Configurations/WebContentService.xcconfig
Source/WebKit/WebKit.xcodeproj/project.pbxproj

index 64e4962..c3805cd 100644 (file)
@@ -1,5 +1,24 @@
 2018-05-31  Brent Fulgham  <bfulgham@apple.com>
 
+        [macOS] Add JIT entitlements to WebContent process and plugin process on macOS
+        https://bugs.webkit.org/show_bug.cgi?id=184485
+        <rdar://problem/37556535>
+
+        Reviewed by Dan Bernstein.
+
+        This patch builds on the changes from Bug 185526 to add support for a JIT entitlement. It makes the
+        following changes:
+
+        1. Adds a new 'WebContent-OSX.entitlements file that unconditionally adds the JIT entitlement for all builds.
+        2. Modifies the PluginService.entitlements to unconditionally add the JIT entitlement.
+
+        * Configurations/PluginService.entitlements: Updated to add the JIT entitlement.
+        * Configurations/WebContent-OSX.entitlements: Updated to add the JIT entitlement.
+        * Configurations/WebContentService.xcconfig: Updated to use the new 'WebContent-OSX.entitlements' file.
+        * WebKit.xcodeproj/project.pbxproj:
+
+2018-05-31  Brent Fulgham  <bfulgham@apple.com>
+
         Don't attempt to extend sandbox when running tests with mock media devices
         https://bugs.webkit.org/show_bug.cgi?id=186150
         <rdar://problem/40690875>
index dba7af5..25e58ca 100644 (file)
@@ -2,6 +2,8 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+       <key>com.apple.security.cs.allow-jit</key>
+       <true/>
        <key>com.apple.security.print</key>
        <true/>
        <key>com.apple.security.files.user-selected.read-write</key>
diff --git a/Source/WebKit/Configurations/WebContent-OSX.entitlements b/Source/WebKit/Configurations/WebContent-OSX.entitlements
new file mode 100644 (file)
index 0000000..d35e43a
--- /dev/null
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+       <key>com.apple.security.cs.allow-jit</key>
+       <true/>
+</dict>
+</plist>
index 1602f21..c5af8c7 100644 (file)
@@ -32,7 +32,7 @@ WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE_appletvos = WebContent-iOS;
 WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE_appletvsimulator = WebContent-iOS;
 WK_XPC_SERVICE_IOS_ENTITLEMENTS_BASE_iphoneminimalsimulator = WebContent-iOS-minimalsimulator;
 
-CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO = $(CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT));
+CODE_SIGN_ENTITLEMENTS_COCOA_TOUCH_NO = Configurations/WebContent-OSX.entitlements;
 OTHER_CODE_SIGN_FLAGS = $(WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS);
 
 PRODUCT_NAME = $(PRODUCT_NAME_$(WK_XPC_SERVICE_VARIANT));
index b519ff6..50be83f 100644 (file)
                7AF2361E1E79A3B400438A05 /* WebErrors.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebErrors.cpp; sourceTree = "<group>"; };
                7AF2361F1E79A3D800438A05 /* WebErrors.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebErrors.h; sourceTree = "<group>"; };
                7AF236221E79A43100438A05 /* WebErrorsCocoa.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WebErrorsCocoa.mm; sourceTree = "<group>"; };
+               7AF66E1120C07CB6007828EA /* WebContent-OSX.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = "WebContent-OSX.entitlements"; sourceTree = "<group>"; };
                7C065F291C8CD95F00C2D950 /* WebUserContentControllerDataTypes.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebUserContentControllerDataTypes.cpp; sourceTree = "<group>"; };
                7C065F2A1C8CD95F00C2D950 /* WebUserContentControllerDataTypes.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebUserContentControllerDataTypes.h; sourceTree = "<group>"; };
                7C0BB9A818DCDE890006C086 /* WebContent-iOS.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.xml; path = "WebContent-iOS.entitlements"; sourceTree = "<group>"; };
                                1A4F976E100E7B6600637A18 /* Version.xcconfig */,
                                7C0BB9A818DCDE890006C086 /* WebContent-iOS.entitlements */,
                                37B418EB1C9624F20031E63B /* WebContent-OSX-restricted.entitlements */,
+                               7AF66E1120C07CB6007828EA /* WebContent-OSX.entitlements */,
                                372EBB4A2017E76000085064 /* WebContentService.Development.xcconfig */,
                                BCACC40E16B0B8A800B6E092 /* WebContentService.xcconfig */,
                                BCB86F4B116AAACD00CE20B7 /* WebKit.xcconfig */,