Attribute nw connections to the source application master
authoryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 30 Jul 2021 17:30:58 +0000 (17:30 +0000)
committeryouenn@apple.com <youenn@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 30 Jul 2021 17:30:58 +0000 (17:30 +0000)
https://bugs.webkit.org/show_bug.cgi?id=228641
<rdar://81039713>

Reviewed by Alex Christensen.

Add source application token for every nw connection/listener, as is done for WebSocket or NSURLSession tasks.
This will allow the nw layer to do custom processing based on the application doing the loads.
Introduce an audit_token_t getter on NetworkProcess.

* NetworkProcess/cocoa/NetworkProcessCocoa.mm:
(WebKit::NetworkProcess::sourceApplicationAuditData const):
(WebKit::NetworkProcess::sourceApplicationAuditToken const):
* NetworkProcess/webrtc/NetworkRTCProvider.cpp:
(WebKit::NetworkRTCProvider::NetworkRTCProvider):
* NetworkProcess/webrtc/NetworkRTCProvider.h:
(WebKit::NetworkRTCProvider::sourceApplicationAuditToken const):
* NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.mm:
(WebKit::NetworkRTCTCPSocketCocoa::NetworkRTCTCPSocketCocoa):
* NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.mm:
(WebKit::NetworkRTCUDPSocketCocoaConnections::NetworkRTCUDPSocketCocoaConnections):
(WebKit::NetworkRTCUDPSocketCocoaConnections::configureParameters):
* Platform/spi/Cocoa/NWParametersSPI.h:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@280481 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/NetworkProcess/NetworkProcess.h
Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm
Source/WebKit/NetworkProcess/webrtc/NetworkRTCProvider.cpp
Source/WebKit/NetworkProcess/webrtc/NetworkRTCProvider.h
Source/WebKit/NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.mm
Source/WebKit/NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.mm
Source/WebKit/Platform/spi/Cocoa/NWParametersSPI.h

index 6f21a68a8bda0628d090f7cf24793cfbf64b8857..9b7803ef281178984ef9a2fe66df90d8046fee10 100644 (file)
@@ -1,3 +1,29 @@
+2021-07-30  Youenn Fablet  <youenn@apple.com>
+
+        Attribute nw connections to the source application
+        https://bugs.webkit.org/show_bug.cgi?id=228641
+        <rdar://81039713>
+
+        Reviewed by Alex Christensen.
+
+        Add source application token for every nw connection/listener, like done for WebSocket or NSURLSession tasks.
+        This will allow the nw layer to do custom processing based on the application doing the loads.
+        Introduce an audit_token_t getter on NetworkProcess.
+
+        * NetworkProcess/cocoa/NetworkProcessCocoa.mm:
+        (WebKit::NetworkProcess::sourceApplicationAuditData const):
+        (WebKit::NetworkProcess::sourceApplicationAuditToken const):
+        * NetworkProcess/webrtc/NetworkRTCProvider.cpp:
+        (WebKit::NetworkRTCProvider::NetworkRTCProvider):
+        * NetworkProcess/webrtc/NetworkRTCProvider.h:
+        (WebKit::NetworkRTCProvider::sourceApplicationAuditToken const):
+        * NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.mm:
+        (WebKit::NetworkRTCTCPSocketCocoa::NetworkRTCTCPSocketCocoa):
+        * NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.mm:
+        (WebKit::NetworkRTCUDPSocketCocoaConnections::NetworkRTCUDPSocketCocoaConnections):
+        (WebKit::NetworkRTCUDPSocketCocoaConnections::configureParameters):
+        * Platform/spi/Cocoa/NWParametersSPI.h:
+
 2021-07-29  Myles C. Maxfield  <mmaxfield@apple.com>
 
         Stop building WebGPU and the WHLSL compiler to decrease binary size
index f06dad4729bdfbea753ff8c93aa3e75a9ad88b03..ea83c3e042d0785f5a4901a32413863a1513030e 100644 (file)
@@ -197,6 +197,7 @@ public:
 
 #if PLATFORM(COCOA)
     RetainPtr<CFDataRef> sourceApplicationAuditData() const;
+    std::optional<audit_token_t> sourceApplicationAuditToken() const;
 #endif
 #if PLATFORM(COCOA) || USE(SOUP)
     HashSet<String> hostNamesWithHSTSCache(PAL::SessionID) const;
index 29d82193f9ed9777285eca050af980f688cbecae..25dd9829f3cce9c54ea58e4cf72c196928aa86b3 100644 (file)
@@ -108,16 +108,23 @@ void NetworkProcess::platformInitializeNetworkProcessCocoa(const NetworkProcessC
 
 RetainPtr<CFDataRef> NetworkProcess::sourceApplicationAuditData() const
 {
+#if USE(SOURCE_APPLICATION_AUDIT_DATA)
+    if (auto auditToken = sourceApplicationAuditToken())
+        return adoptCF(CFDataCreate(nullptr, (const UInt8*)&*auditToken, sizeof(*auditToken)));
+#endif
+
+    return nullptr;
+}
+
+std::optional<audit_token_t> NetworkProcess::sourceApplicationAuditToken() const
+{
 #if USE(SOURCE_APPLICATION_AUDIT_DATA)
     ASSERT(parentProcessConnection());
     if (!parentProcessConnection())
-        return nullptr;
-    std::optional<audit_token_t> auditToken = parentProcessConnection()->getAuditToken();
-    if (!auditToken)
-        return nullptr;
-    return adoptCF(CFDataCreate(nullptr, (const UInt8*)&*auditToken, sizeof(*auditToken)));
+        return { };
+    return parentProcessConnection()->getAuditToken();
 #else
-    return nullptr;
+    return { };
 #endif
 }
 
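Review bot: sourceApplicationAuditToken() fails silently in release builds: the `ASSERT(parentProcessConnection())` compiles out, and both the missing-connection path and an empty result from `getAuditToken()` return an empty optional with no log. The callers added in NetworkRTCTCPSocketCocoa.mm (`if (auto token = rtcProvider.sourceApplicationAuditToken())`) and in NetworkRTCUDPSocketCocoaConnections::configureParameters then skip `nw_parameters_set_source_application`, so the connection is created without attribution. If the nw layer applies per-application policy from this token, those sockets would presumably be evaluated as the network process rather than the embedding app. I would log before the `return { };`, e.g. `RELEASE_LOG_ERROR(Network, "sourceApplicationAuditToken: no parent process connection");` (using whichever log channel this file already has), so unattributed loads show up in release logs. Separately, the moved `(const UInt8*)&*auditToken` could become `reinterpret_cast<const UInt8*>(&*auditToken)`.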
index 7b53c544a79d389d2760dab7d08ffde60a37ec32..98b306ec5036f6a9cfeed2deb07a19a34516cca7 100644 (file)
@@ -86,6 +86,9 @@ NetworkRTCProvider::NetworkRTCProvider(NetworkConnectionToWebProcess& connection
     , m_rtcMonitor(*this)
     , m_rtcNetworkThread(rtcNetworkThread())
     , m_packetSocketFactory(makeUniqueRefWithoutFastMallocCheck<rtc::BasicPacketSocketFactory>(&m_rtcNetworkThread))
+#if PLATFORM(COCOA)
+    , m_sourceApplicationAuditToken(connection.networkProcess().sourceApplicationAuditToken())
+#endif
 {
 #if !RELEASE_LOG_DISABLED
     rtc::LogMessage::SetLogOutput(WebKit2LogWebRTC.state == WTFLogChannelState::On ? rtc::LS_INFO : rtc::LS_WARNING, doReleaseLogging);
index 3a7a5a64a3c189427b56870ddec1b3ae359848e7..bfffebc4ae9cf3fd8a51ed578140cde9837aaa30 100644 (file)
@@ -105,6 +105,10 @@ public:
     void closeSocket(WebCore::LibWebRTCSocketIdentifier);
     void doSocketTaskOnRTCNetworkThread(WebCore::LibWebRTCSocketIdentifier, Function<void(Socket&)>&&);
 
+#if PLATFORM(COCOA)
+    const std::optional<audit_token_t>& sourceApplicationAuditToken() const { return m_sourceApplicationAuditToken; }
+#endif
+
 private:
     explicit NetworkRTCProvider(NetworkConnectionToWebProcess&);
     void startListeningForIPC();
@@ -147,6 +151,11 @@ private:
     bool m_isListeningSocketAuthorized { true };
     bool m_platformTCPSocketsEnabled { false };
     bool m_platformUDPSocketsEnabled { false };
+
+#if PLATFORM(COCOA)
+    std::optional<audit_token_t> m_sourceApplicationAuditToken;
+#endif
+
 };
 
 } // namespace WebKit
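Review bot: `m_sourceApplicationAuditToken` has no comment saying whose token it holds or when it is captured; going by the constructor hunk in NetworkRTCProvider.cpp, it is a snapshot of NetworkProcess::sourceApplicationAuditToken() taken once at construction. It is never reassigned in this commit, and the accessor hands out a reference that socket code may read on the RTC network thread (an inference; the calling thread is not visible here). Declaring it `const std::optional<audit_token_t> m_sourceApplicationAuditToken;` and adding `// Audit token of the parent process, captured at construction; empty if unavailable.` would make the immutability explicit. The blank line added before `};` can be dropped.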
index dff408c66d93b7f57e544eef2b3b0a2e5fc400f1..faffd2c9fb9d29e502da99a9932d440b5bcfb97a 100644 (file)
@@ -31,6 +31,7 @@
 #include "DataReference.h"
 #include "LibWebRTCNetworkMessages.h"
 #include "Logging.h"
+#include "NWParametersSPI.h"
 #include <WebCore/STUNMessageParsing.h>
 #include <dispatch/dispatch.h>
 #include <wtf/BlockPtr.h>
@@ -95,6 +96,9 @@ NetworkRTCTCPSocketCocoa::NetworkRTCTCPSocketCocoa(LibWebRTCSocketIdentifier ide
         nw_tcp_options_set_no_delay(tcp_options, true);
     }));
 
+    if (auto token = rtcProvider.sourceApplicationAuditToken())
+        nw_parameters_set_source_application(tcpTLS.get(), *token);
+
     m_nwConnection = adoptNS(nw_connection_create(host.get(), tcpTLS.get()));
 
     nw_connection_set_queue(m_nwConnection.get(), tcpSocketQueue());
index b37db00a2d170119b57445df5e60f48bd8eff92d..ccb0980fae6cb9b868c241e57d474c078f78e4d9 100644 (file)
@@ -74,6 +74,9 @@ private:
     bool m_isKnownTracker { false };
 #endif
     bool m_shouldBypassRelay { false };
+
+    std::optional<audit_token_t> m_sourceApplicationAuditToken;
+
     rtc::SocketAddress m_address;
     RetainPtr<nw_listener_t> m_nwListener;
     Lock m_nwConnectionsLock;
@@ -159,6 +162,7 @@ NetworkRTCUDPSocketCocoaConnections::NetworkRTCUDPSocketCocoaConnections(WebCore
     , m_isKnownTracker(isKnownTracker(domain))
 #endif
     , m_shouldBypassRelay(isRelayDisabled)
+    , m_sourceApplicationAuditToken(rtcProvider.sourceApplicationAuditToken())
 {
     auto parameters = adoptNS(nw_parameters_create_secure_udp(NW_PARAMETERS_DISABLE_PROTOCOL, NW_PARAMETERS_DEFAULT_CONFIGURATION));
     {
@@ -233,6 +237,9 @@ void NetworkRTCUDPSocketCocoaConnections::configureParameters(nw_parameters_t pa
     nw_parameters_set_is_known_tracker(parameters, m_isKnownTracker);
 #endif
 
+    if (m_sourceApplicationAuditToken)
+        nw_parameters_set_source_application(parameters, *m_sourceApplicationAuditToken);
+
     nw_parameters_set_reuse_local_address(parameters, true);
 }
 
index 1c21e32b40ed5d9c599cefd60ee815a9a81d97ad..584996edbc0fb77d3b742e1b91179af3f25602e6 100644 (file)
@@ -34,6 +34,7 @@
 WTF_EXTERN_C_BEGIN
 
 void nw_parameters_set_account_id(nw_parameters_t, const char * account_id);
+void nw_parameters_set_source_application(nw_parameters_t, audit_token_t);
 
 #if HAVE(NWPARAMETERS_TRACKER_API)
 void nw_parameters_set_is_third_party_web_content(nw_parameters_t, bool is_third_party_web_content);
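Review bot: `nw_parameters_set_source_application` is declared unconditionally, while the tracker SPIs directly below it sit behind `HAVE(NWPARAMETERS_TRACKER_API)`, and the new call sites in the TCP and UDP socket files are not guarded either. If this SPI is missing on any OS version the port still builds or deploys against (which cannot be determined from this hunk), those targets would likely fail to build or resolve the symbol. A matching HAVE() guard around the declaration and both calls would make the availability assumption explicit. The parameter could also be named as its neighbour is, `void nw_parameters_set_source_application(nw_parameters_t, audit_token_t source_application);`. The extern block and any enclosing SDK conditional start outside the hunk.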