[macOS] Create sandbox extension for AppleAVDUserClient when Media in GPU process is not enabled

pvollan · pvollan · commit 6edb76971aca · 2020-12-10T22:31:28.000Z
https://bugs.webkit.org/show_bug.cgi?id=219740 <rdar://problem/70496905> Reviewed by Brent Fulgham. Create sandbox extension for AppleAVDUserClient for WebContent process when Media in GPU process is not enabled on macOS, since this IOKit class is only used for Media purposes. * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in: * Shared/WebPageCreationParameters.cpp: (WebKit::WebPageCreationParameters::encode const): (WebKit::WebPageCreationParameters::decode): * Shared/WebPageCreationParameters.h: * UIProcess/WebPageProxy.cpp: (WebKit::mediaRelatedIOKitClasses): (WebKit::WebPageProxy::creationParameters): * WebProcess/WebPage/WebPage.cpp: (WebKit::m_limitsNavigationsToAppBoundDomains): * WebProcess/com.apple.WebProcess.sb.in: Canonical link: https://commits.webkit.org/232321@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@270657 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
@@ -1,3 +1,26 @@
+2020-12-10  Per Arne Vollan  <pvollan@apple.com>
+
+        [macOS] Create sandbox extension for AppleAVDUserClient when Media in GPU process is not enabled
+        https://bugs.webkit.org/show_bug.cgi?id=219740
+        <rdar://problem/70496905>
+
+        Reviewed by Brent Fulgham.
+
+        Create sandbox extension for AppleAVDUserClient for WebContent process when Media in GPU process is not enabled on macOS,
+        since this IOKit class is only used for Media purposes.
+
+        * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+        * Shared/WebPageCreationParameters.cpp:
+        (WebKit::WebPageCreationParameters::encode const):
+        (WebKit::WebPageCreationParameters::decode):
+        * Shared/WebPageCreationParameters.h:
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::mediaRelatedIOKitClasses):
+        (WebKit::WebPageProxy::creationParameters):
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::m_limitsNavigationsToAppBoundDomains):
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2020-12-10  Per Arne Vollan  <pvollan@apple.com>
 
         [macOS] Add telemetry for notification message filtering in sandbox
diff --git a/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in b/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in
@@ -832,3 +832,7 @@
 (allow mach-lookup
     (global-name "com.apple.relatived.tempest")
 )
+
+(allow iokit-open
+    (iokit-user-client-class "AppleAVDUserClient")
+)
diff --git a/Source/WebKit/Shared/WebPageCreationParameters.cpp b/Source/WebKit/Shared/WebPageCreationParameters.cpp
@@ -116,6 +116,7 @@ void WebPageCreationParameters::encode(IPC::Encoder& encoder) const
     encoder << additionalSupportedImageTypes;
     // FIXME(207716): The following should be removed when the GPU process is complete.
     encoder << mediaExtensionHandles;
+    encoder << mediaIOKitExtensionHandles;
     encoder << gpuIOKitExtensionHandles;
 #endif
 #if HAVE(APP_ACCENT_COLORS)
@@ -375,6 +376,12 @@ Optional<WebPageCreationParameters> WebPageCreationParameters::decode(IPC::Decod
     if (!mediaExtensionHandles)
         return WTF::nullopt;
     parameters.mediaExtensionHandles = WTFMove(*mediaExtensionHandles);
+
+    Optional<SandboxExtension::HandleArray> mediaIOKitExtensionHandles;
+    decoder >> mediaIOKitExtensionHandles;
+    if (!mediaIOKitExtensionHandles)
+        return WTF::nullopt;
+    parameters.mediaIOKitExtensionHandles = WTFMove(*mediaIOKitExtensionHandles);
     // FIXME(207716): End region to remove.
 
     Optional<SandboxExtension::HandleArray> gpuIOKitExtensionHandles;
diff --git a/Source/WebKit/Shared/WebPageCreationParameters.h b/Source/WebKit/Shared/WebPageCreationParameters.h
@@ -175,6 +175,7 @@ struct WebPageCreationParameters {
     bool smartInsertDeleteEnabled;
     Vector<String> additionalSupportedImageTypes;
     SandboxExtension::HandleArray mediaExtensionHandles; // FIXME(207716): Remove when GPU process is complete.
+    SandboxExtension::HandleArray mediaIOKitExtensionHandles;
     SandboxExtension::HandleArray gpuIOKitExtensionHandles;
 #endif
 #if HAVE(APP_ACCENT_COLORS)
diff --git a/Source/WebKit/UIProcess/WebPageProxy.cpp b/Source/WebKit/UIProcess/WebPageProxy.cpp
@@ -7820,6 +7820,16 @@ static const Vector<ASCIILiteral>& mediaRelatedMachServices()
     });
     return services;
 }
+
+static const Vector<ASCIILiteral>& mediaRelatedIOKitClasses()
+{
+    static const auto services = makeNeverDestroyed(Vector<ASCIILiteral> {
+#if (PLATFORM(MAC) || PLATFORM(MACCATALYST)) && CPU(ARM64)
+        "AppleAVDUserClient"_s,
+#endif
+    });
+    return services;
+}
 #endif
 
 WebPageCreationParameters WebPageProxy::creationParameters(WebProcessProxy& process, DrawingAreaProxy& drawingArea, RefPtr<API::WebsitePolicies>&& websitePolicies)
@@ -7914,6 +7924,7 @@ WebPageCreationParameters WebPageProxy::creationParameters(WebProcessProxy& proc
     if (needWebProcessExtensions) {
         // FIXME(207716): The following should be removed when the GPU process is complete.
         parameters.mediaExtensionHandles = SandboxExtension::createHandlesForMachLookup(mediaRelatedMachServices(), WTF::nullopt);
+        parameters.mediaIOKitExtensionHandles = SandboxExtension::createHandlesForIOKitClassExtensions(mediaRelatedIOKitClasses(), WTF::nullopt);
     }
 
     if (!preferences().useGPUProcessForMediaEnabled()
diff --git a/Source/WebKit/WebProcess/WebPage/WebPage.cpp b/Source/WebKit/WebProcess/WebPage/WebPage.cpp
@@ -589,6 +589,7 @@ WebPage::WebPage(PageIdentifier pageID, WebPageCreationParameters&& parameters)
     static bool hasConsumedMediaExtensionHandles = false;
     if (!hasConsumedMediaExtensionHandles && parameters.mediaExtensionHandles.size()) {
         SandboxExtension::consumePermanently(parameters.mediaExtensionHandles);
+        SandboxExtension::consumePermanently(parameters.mediaIOKitExtensionHandles);
         hasConsumedMediaExtensionHandles = true;
     }
     static bool hasConsumedGPUIOKitExtensionHandles = false;
diff --git a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
@@ -924,11 +924,16 @@
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 110000
         (with telemetry-backtrace)
 #endif
-        (iokit-user-client-class "AppleAVDUserClient")
         (iokit-user-client-class "IOMobileFramebufferUserClient")
         (iokit-user-client-class "IOSurfaceAcceleratorClient") ;; <rdar://problem/63696732>
         (iokit-user-client-class "IOSurfaceRootUserClient") ;; <rdar://problem/63696732>
     )
+    (allow iokit-open
+        (require-all
+            (extension "com.apple.webkit.extension.iokit")
+            (iokit-user-client-class "AppleAVDUserClient")
+        )
+    )
 )
 
 ;; cookied.

Original file line number	Diff line number	Diff line change
`@@ -832,3 +832,7 @@`
`832`	`832`	`(allow mach-lookup`
`833`	`833`	`(global-name "com.apple.relatived.tempest")`
`834`	`834`	`)`
	`835`	`+`
	`836`	`+(allow iokit-open`
	`837`	`+ (iokit-user-client-class "AppleAVDUserClient")`
	`838`	`+)`
Original file line number	Diff line number	Diff line change
`@@ -589,6 +589,7 @@ WebPage::WebPage(PageIdentifier pageID, WebPageCreationParameters&& parameters)`
`589`	`589`	`static bool hasConsumedMediaExtensionHandles = false;`
`590`	`590`	`if (!hasConsumedMediaExtensionHandles && parameters.mediaExtensionHandles.size()) {`
`591`	`591`	`SandboxExtension::consumePermanently(parameters.mediaExtensionHandles);`
	`592`	`+ SandboxExtension::consumePermanently(parameters.mediaIOKitExtensionHandles);`
`592`	`593`	`hasConsumedMediaExtensionHandles = true;`
`593`	`594`	`}`
`594`	`595`	`static bool hasConsumedGPUIOKitExtensionHandles = false;`