Add an entitlement check for service worker on iOS
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 22 Feb 2018 22:05:06 +0000 (22:05 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 22 Feb 2018 22:05:06 +0000 (22:05 +0000)
https://bugs.webkit.org/show_bug.cgi?id=182865

Reviewed by Dan Bernstein.

Addressed Dan's comment by using xpc_connection_copy_entitlement_value instead of obtaining the audit token first.

* Shared/mac/SandboxUtilities.h:
* Shared/mac/SandboxUtilities.mm:
(WebKit::connectedProcessHasEntitlement):
* StorageProcess/ios/StorageProcessIOS.mm:
(WebKit::StorageProcess::parentProcessHasServiceWorkerEntitlement const):
* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::parentProcessHasServiceWorkerEntitlement const):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@228933 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/Shared/mac/SandboxUtilities.h
Source/WebKit/Shared/mac/SandboxUtilities.mm
Source/WebKit/StorageProcess/ios/StorageProcessIOS.mm
Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm

index cf86f2c..9999424 100644 (file)
@@ -1,3 +1,20 @@
+2018-02-22  Ryosuke Niwa  <rniwa@webkit.org>
+
+        Add an entitlement check for service worker on iOS
+        https://bugs.webkit.org/show_bug.cgi?id=182865
+
+        Reviewed by Dan Bernstein.
+
+        Addressed Dan's comment by using xpc_connection_copy_entitlement_value instead of obtaining the audit token first.
+
+        * Shared/mac/SandboxUtilities.h:
+        * Shared/mac/SandboxUtilities.mm:
+        (WebKit::connectedProcessHasEntitlement):
+        * StorageProcess/ios/StorageProcessIOS.mm:
+        (WebKit::StorageProcess::parentProcessHasServiceWorkerEntitlement const):
+        * WebProcess/WebPage/ios/WebPageIOS.mm:
+        (WebKit::WebPage::parentProcessHasServiceWorkerEntitlement const):
+
 2018-02-22  Youenn Fablet  <youenn@apple.com>
 
         Fetch event release assert should take into account the fetch mode
index 2ccbdb9..4f5fbcd 100644 (file)
@@ -39,6 +39,6 @@ bool processHasContainer();
 String pathForProcessContainer();
 
 bool processHasEntitlement(NSString *entitlement);
-bool connectedProcessHasEntitlement(xpc_connection_t, NSString *entitlement);
+bool connectedProcessHasEntitlement(xpc_connection_t, const char *entitlement);
 
 }
index adf8a08..d386667 100644 (file)
@@ -28,6 +28,7 @@
 
 #import <array>
 #import <sys/param.h>
+#import <wtf/OSObjectPtr.h>
 #import <wtf/spi/cocoa/SecuritySPI.h>
 #import <wtf/spi/darwin/SandboxSPI.h>
 #import <wtf/spi/darwin/XPCSPI.h>
@@ -92,20 +93,13 @@ bool processHasEntitlement(NSString *entitlement)
     return CFBooleanGetValue(static_cast<CFBooleanRef>(value.get()));
 }
 
-bool connectedProcessHasEntitlement(xpc_connection_t connection, NSString *entitlement)
+bool connectedProcessHasEntitlement(xpc_connection_t connection, const char *entitlement)
 {
-    audit_token_t token;
-    xpc_connection_get_audit_token(connection, &token);
-    auto task = adoptCF(SecTaskCreateWithAuditToken(NULL, token));
-
-    auto value = adoptCF(SecTaskCopyValueForEntitlement(task.get(), (__bridge CFStringRef)entitlement, nullptr));
+    auto value = adoptOSObject(xpc_connection_copy_entitlement_value(connection, entitlement));
     if (!value)
         return false;
 
-    if (CFGetTypeID(value.get()) != CFBooleanGetTypeID())
-        return false;
-
-    return CFBooleanGetValue(static_cast<CFBooleanRef>(value.get()));
+    return xpc_get_type(value.get()) == XPC_TYPE_BOOL && xpc_bool_get_value(value.get());
 }
 
 }
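Review bot: connectedProcessHasEntitlement hands `connection` and `entitlement` straight to xpc_connection_copy_entitlement_value with no null guard, and nothing records that the function is meant to fail closed. A missing value and a non-boolean value both return false, which is the right default for an authorization check. A comment above the definition would keep later edits from loosening it, for example `// Returns true only when the peer's entitlement is present and is boolean true; absent or non-boolean values mean "not entitled".` If either argument can be null at a call site (not visible in this hunk), an early `if (!connection || !entitlement) return false;` keeps the denial explicit rather than depending on how the SPI treats null input.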
index 568b831..ece0c10 100644 (file)
@@ -61,7 +61,7 @@ void StorageProcess::initializeSandbox(const ChildProcessInitializationParameter
 
 bool StorageProcess::parentProcessHasServiceWorkerEntitlement() const
 {
-    static bool hasEntitlement = connectedProcessHasEntitlement(parentProcessConnection()->xpcConnection(), @"com.apple.developer.WebKit.ServiceWorkers");
+    static bool hasEntitlement = connectedProcessHasEntitlement(parentProcessConnection()->xpcConnection(), "com.apple.developer.WebKit.ServiceWorkers");
     return hasEntitlement;
 }
 
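Review bot: The entitlement name `"com.apple.developer.WebKit.ServiceWorkers"` is now a bare C string repeated here and in WebPage::parentProcessHasServiceWorkerEntitlement in WebPageIOS.mm. A typo in either copy still compiles and makes that process deny service workers while the other allows them. One shared constant declared next to connectedProcessHasEntitlement would remove the duplication, e.g. `static constexpr const char* serviceWorkerEntitlement = "com.apple.developer.WebKit.ServiceWorkers";`. The `static bool` also caches the first answer for the life of the process, which presumably assumes the parent connection is already established on the first call; a one-line comment stating that assumption would help the next reader.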
index db139a9..8140195 100644 (file)
@@ -392,7 +392,7 @@ bool WebPage::handleEditingKeyboardEvent(KeyboardEvent* event)
 
 bool WebPage::parentProcessHasServiceWorkerEntitlement() const
 {
-    static bool hasEntitlement = connectedProcessHasEntitlement(WebProcess::singleton().parentProcessConnection()->xpcConnection(), @"com.apple.developer.WebKit.ServiceWorkers");
+    static bool hasEntitlement = connectedProcessHasEntitlement(WebProcess::singleton().parentProcessConnection()->xpcConnection(), "com.apple.developer.WebKit.ServiceWorkers");
     return hasEntitlement;
 }