[Win] AVCF based media engine does not block cross-site/cross-domain loads.
authorpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 24 Oct 2016 20:47:04 +0000 (20:47 +0000)
committerpvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 24 Oct 2016 20:47:04 +0000 (20:47 +0000)
https://bugs.webkit.org/show_bug.cgi?id=163783

Reviewed by Brent Fulgham.

Prevent cross-site/cross-domain loads by setting appropriate AVCF options.

No new tests; covered by media/video-canvas-source.html. Media tests are
currently skipped on Windows.

* platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h:
* platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
(WebCore::MediaPlayerPrivateAVFoundationCF::resolvedURL):
(WebCore::MediaPlayerPrivateAVFoundationCF::hasSingleSecurityOrigin):
(WebCore::AVFWrapper::createAssetForURL):
* platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@207775 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h
Source/WebCore/platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp
Source/WebCore/platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h

index 1b9f248..638794f 100644 (file)
@@ -1,3 +1,22 @@
+2016-10-24  Per Arne Vollan  <pvollan@apple.com>
+
+        [Win] AVCF based media engine does not block cross-site/cross-domain loads.
+        https://bugs.webkit.org/show_bug.cgi?id=163783
+
+        Reviewed by Brent Fulgham.
+
+        Prevent cross-site/cross-domain loads by setting appropriate AVCF options.
+
+        No new tests; covered by media/video-canvas-source.html. Media tests are
+        currently skipped on Windows.
+
+        * platform/graphics/avfoundation/cf/AVFoundationCFSoftLinking.h:
+        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.cpp:
+        (WebCore::MediaPlayerPrivateAVFoundationCF::resolvedURL):
+        (WebCore::MediaPlayerPrivateAVFoundationCF::hasSingleSecurityOrigin):
+        (WebCore::AVFWrapper::createAssetForURL):
+        * platform/graphics/avfoundation/cf/MediaPlayerPrivateAVFoundationCF.h:
+
 2016-10-24  Anders Carlsson  <andersca@apple.com>
 
         Fix build with newer versions of clang
index 624c697..ff77e0c 100644 (file)
@@ -225,6 +225,9 @@ SOFT_LINK_DLL_IMPORT(AVFoundationCF, AVCFURLAssetCopyAudiovisualMIMETypes, CFArr
 SOFT_LINK_DLL_IMPORT(AVFoundationCF, AVCFURLAssetCreateWithURLAndOptions, AVCFURLAssetRef, __cdecl, (CFAllocatorRef allocator, CFURLRef URL, CFDictionaryRef options, dispatch_queue_t notificationQueue), (allocator, URL, options, notificationQueue))
 #define AVCFURLAssetCreateWithURLAndOptions softLink_AVCFURLAssetCreateWithURLAndOptions
 
+SOFT_LINK_DLL_IMPORT(AVFoundationCF, AVCFAssetCopyResolvedURL, CFURLRef, __cdecl, (AVCFAssetRef asset), (asset));
+#define AVCFAssetCopyResolvedURL softLink_AVCFAssetCopyResolvedURL
+
 SOFT_LINK_DLL_IMPORT_OPTIONAL(AVFoundationCF, AVCFPlayerSetDirect3DDevice, void, __cdecl, (AVCFPlayerRef player, IDirect3DDevice9* d3dDevice))
 #define AVCFPlayerSetDirect3DDevice softLink_AVCFPlayerSetDirect3DDevice
 
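Review bot: The added `SOFT_LINK_DLL_IMPORT(AVFoundationCF, AVCFAssetCopyResolvedURL, ...)` line ends with a `;` that the other `SOFT_LINK_DLL_IMPORT` lines in this hunk do not carry; drop it so the line matches its neighbours. The import is also declared as required, whereas `AVCFPlayerSetDirect3DDevice` directly below uses `SOFT_LINK_DLL_IMPORT_OPTIONAL`. What happens on an AVFoundationCF build that lacks the export depends on the macro, which is not visible here, so a short comment stating that the symbol is expected in every supported AVFoundationCF would record the assumption. The same applies to the `AVCFURLAssetReferenceRestrictionsKey` import added in the next hunk, which the fix relies on.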
@@ -397,6 +400,9 @@ SOFT_LINK_VARIABLE_DLL_IMPORT(AVFoundationCF, AVCFAssetPropertyAvailableMediaCha
 SOFT_LINK_VARIABLE_DLL_IMPORT(AVFoundationCF, AVCFURLAssetInheritURIQueryComponentFromReferencingURIKey, const CFStringRef);
 #define AVCFURLAssetInheritURIQueryComponentFromReferencingURIKey  getAVCFURLAssetInheritURIQueryComponentFromReferencingURIKey()
 
+SOFT_LINK_VARIABLE_DLL_IMPORT(AVFoundationCF, AVCFURLAssetReferenceRestrictionsKey, const CFStringRef);
+#define AVCFURLAssetReferenceRestrictionsKey getAVCFURLAssetReferenceRestrictionsKey()
+
 SOFT_LINK_VARIABLE_DLL_IMPORT(AVFoundationCF, AVCFMediaCharacteristicEasyToRead, const CFStringRef);
 #define AVCFMediaCharacteristicEasyToRead getAVCFMediaCharacteristicEasyToRead()
 
index d5c5c15..d1a063e 100644 (file)
 #pragma comment(lib, "libdispatch.lib")
 #endif
 
+enum {
+    AVAssetReferenceRestrictionForbidRemoteReferenceToLocal = (1UL << 0),
+    AVAssetReferenceRestrictionForbidLocalReferenceToRemote = (1UL << 1)
+};
+
 using namespace std;
 
 namespace WebCore {
@@ -1333,6 +1338,26 @@ void MediaPlayerPrivateAVFoundationCF::contentsNeedsDisplay()
         m_avfWrapper->setVideoLayerNeedsCommit();
 }
 
+URL MediaPlayerPrivateAVFoundationCF::resolvedURL() const
+{
+    if (!m_avfWrapper || !m_avfWrapper->avAsset())
+        return URL();
+
+    auto resolvedURL = adoptCF(AVCFAssetCopyResolvedURL(m_avfWrapper->avAsset()));
+
+    return URL(resolvedURL.get());
+}
+
+bool MediaPlayerPrivateAVFoundationCF::hasSingleSecurityOrigin() const
+{
+    if (!m_avfWrapper || !m_avfWrapper->avAsset())
+        return false;
+
+    Ref<SecurityOrigin> resolvedOrigin(SecurityOrigin::create(resolvedURL()));
+    Ref<SecurityOrigin> requestedOrigin(SecurityOrigin::createFromString(assetURL()));
+    return resolvedOrigin.get().isSameSchemeHostPort(&requestedOrigin.get());
+}
+
 AVFWrapper::AVFWrapper(MediaPlayerPrivateAVFoundationCF* owner)
     : m_owner(owner)
     , m_objectID(s_nextAVFWrapperObjectID++)
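Review bot: In `hasSingleSecurityOrigin()` the value of `resolvedURL()` goes straight into `SecurityOrigin::create()` without any check that `AVCFAssetCopyResolvedURL` returned a usable URL. `resolvedURL()` does not test the copied reference for null, so a failed or not-yet-available lookup becomes whatever `URL(nullptr)` yields, and whether the comparison then reports a mismatch is decided by code outside this hunk. Because the result appears to gate cross-origin use of the media, the failure case should be explicit and fail closed: `URL resolved = resolvedURL();` followed by `if (!resolved.isValid()) return false;` before the two origins are built. A one-line comment noting that only the final resolved URL is compared with the requested one, not each intermediate redirect, would also help the next reader.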
@@ -1492,6 +1517,11 @@ void AVFWrapper::createAssetForURL(const String& url, bool inheritURI)
     if (inheritURI)
         CFDictionarySetValue(optionsRef.get(), AVCFURLAssetInheritURIQueryComponentFromReferencingURIKey, kCFBooleanTrue);
 
+    const int restrictions = AVAssetReferenceRestrictionForbidRemoteReferenceToLocal | AVAssetReferenceRestrictionForbidLocalReferenceToRemote;
+    auto cfRestrictions = adoptCF(CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &restrictions));
+
+    CFDictionarySetValue(optionsRef.get(), AVCFURLAssetReferenceRestrictionsKey, cfRestrictions.get());
+
     m_avAsset = adoptCF(AVCFURLAssetCreateWithURLAndOptions(kCFAllocatorDefault, urlRef.get(), optionsRef.get(), m_notificationQueue));
 
 #if HAVE(AVFOUNDATION_LOADER_DELEGATE)
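Review bot: The restriction mask set in `createAssetForURL` is the core of the fix, yet nothing at the call site says what the two flags forbid or where their values come from. A comment above `const int restrictions = ...` such as `// Mirrors AVFoundation's AVAssetReferenceRestrictions: forbid remote media referencing local files and local media referencing remote ones.` would record that. The enumerators are declared at file scope in this file as `1UL << n` and then stored in an `int` for `kCFNumberIntType`; writing them as `1 << 0` and `1 << 1` keeps the enum, the local and the CFNumber type consistent without an implicit narrowing. The body of `createAssetForURL` starts and ends outside this hunk.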
index f12e6d4..d0ecad6 100644 (file)
@@ -116,6 +116,10 @@ private:
 
     virtual void contentsNeedsDisplay();
 
+    URL resolvedURL() const override;
+
+    bool hasSingleSecurityOrigin() const override;
+
 #if ENABLE(LEGACY_ENCRYPTED_MEDIA)
     std::unique_ptr<CDMSession> createSession(const String&, CDMSessionClient*) override;
 #endif