WebKit Bugzilla
Attachment 341668 Details for
Bug 184485
: Add JIT entitlements to WebContent process and plugin process on macOS
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-184485-20180531093540.patch (text/plain), 13.28 KB, created by
Brent Fulgham
on 2018-05-31 09:35:40 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Brent Fulgham
Created:
2018-05-31 09:35:40 PDT
Size:
13.28 KB
patch
obsolete
>Subversion Revision: 232347 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 23de5dd709914ede45bc153ee53db6edef33f03c..cd11dc8b291491270be29a5f95c3891eb171fd93 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,24 @@ >+2018-05-31 Brent Fulgham <bfulgham@apple.com> >+ >+ [macOS] Add JIT entitlements to WebContent process and plugin process on macOS >+ https://bugs.webkit.org/show_bug.cgi?id=184485 >+ <rdar://problem/37556535> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ This patch builds on the changes from Bug 185526 to add support for a JIT entitlement. It makes the >+ following changes: >+ >+ 1. Adds a new process-plugin-entitlements.sh script, which conditionally adds the restricted JIT entitlement >+ to the plugin processes when performing an internal build of WebKit. >+ 2. Modifies the process-webcontent-entitlements.sh script to conditionally add the restricted JIT entitlement >+ to the WebContent process when performing an internal build of WebKit. >+ 3. Modifies the Plugin.32 and Plugin.64 process build steps to run the new entitlement script. >+ >+ * Scripts/process-plugin-entitlements.sh: Added. >+ * Scripts/process-webcontent-entitlements.sh: Updated to apply the JIT entitlement when needed. >+ * WebKit.xcodeproj/project.pbxproj: >+ > 2018-05-30 Yusuke Suzuki <utatane.tea@gmail.com> > > [JSC] Pass VM& parameter as much as possible >diff --git a/Source/WebKit/Scripts/process-plugin-entitlements.sh b/Source/WebKit/Scripts/process-plugin-entitlements.sh >new file mode 100755 >index 0000000000000000000000000000000000000000..eff1654d4146b7d7dbef1ec818a86c24221c1286 >--- /dev/null >+++ b/Source/WebKit/Scripts/process-plugin-entitlements.sh >@@ -0,0 +1,17 @@ >+#!/bin/sh >+set -e >+ >+PROCESSED_XCENT_FILE="${TEMP_FILE_DIR}/${FULL_PRODUCT_NAME}.xcent" >+ >+if [[ ${WK_PLATFORM_NAME} == "macosx" ]]; then >+ >+ if [[ ${WK_USE_RESTRICTED_ENTITLEMENTS} == "YES" ]]; then >+ echo "Processing restricted entitlements for Internal SDK"; >+ >+ if (( ${TARGET_MAC_OS_X_VERSION_MAJOR} >= 101400 )); then >+ echo "Adding macOS platform entitlements."; >+ /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.allow-jit bool YES" "${PROCESSED_XCENT_FILE}"; >+ fi >+ >+ fi >+fi >diff --git a/Source/WebKit/Scripts/process-webcontent-entitlements.sh b/Source/WebKit/Scripts/process-webcontent-entitlements.sh >index 2930fe68c8cfd64e875b9f60903d3ad55be7899d..43a6e43079c49a8fe920a7ec1ef5ceea634297fe 100755 >--- a/Source/WebKit/Scripts/process-webcontent-entitlements.sh >+++ b/Source/WebKit/Scripts/process-webcontent-entitlements.sh >@@ -11,6 +11,7 @@ if [[ ${WK_PLATFORM_NAME} == "macosx" ]]; then > if (( ${TARGET_MAC_OS_X_VERSION_MAJOR} >= 101400 )); then > echo "Adding macOS platform entitlements."; > /usr/libexec/PlistBuddy -c "Merge Configurations/WebContent-OSX-restricted.entitlements" "${PROCESSED_XCENT_FILE}"; >+ /usr/libexec/PlistBuddy -c "Add :com.apple.security.cs.allow-jit bool YES" "${PROCESSED_XCENT_FILE}"; > fi > > if [[ ${WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT} == "YES" ]]; then >diff --git a/Source/WebKit/WebKit.xcodeproj/project.pbxproj b/Source/WebKit/WebKit.xcodeproj/project.pbxproj >index b519ff6691881670cc43c8ee91657121a831d739..cc4fe915a7b4a1f0e51d1481bef455b2a2090b6b 100644 >--- a/Source/WebKit/WebKit.xcodeproj/project.pbxproj >+++ b/Source/WebKit/WebKit.xcodeproj/project.pbxproj >@@ -1307,6 +1307,8 @@ > 762B748D120BC75C00819339 /* WKPreferencesRefPrivate.h in Headers */ = {isa = PBXBuildFile; fileRef = 762B7484120BBA2D00819339 /* WKPreferencesRefPrivate.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 7A1E2A851EEFE8920037A0E0 /* APINotificationProvider.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A1E2A841EEFE88A0037A0E0 /* APINotificationProvider.h */; }; > 7A3ACE1B1EEEF79B00A864A4 /* APIInjectedBundlePageLoaderClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A3ACE1A1EEEF78C00A864A4 /* APIInjectedBundlePageLoaderClient.h */; }; >+ 7A593E7C20C05387006FF2E8 /* process-plugin-entitlements.sh in Resources */ = {isa = PBXBuildFile; fileRef = 7A593E7B20C05378006FF2E8 /* process-plugin-entitlements.sh */; }; >+ 7A593E7D20C05388006FF2E8 /* process-plugin-entitlements.sh in Resources */ = {isa = PBXBuildFile; fileRef = 7A593E7B20C05378006FF2E8 /* process-plugin-entitlements.sh */; }; > 7A772C8D1DDD4A25000F34F1 /* com.apple.WebKit.plugin-common.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = 7A1506721DD56298001F4B58 /* com.apple.WebKit.plugin-common.sb */; }; > 7A791EFA1C7CFCF100C4C52B /* WebResourceLoadStatisticsStoreMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7A791EF91C7CFB3700C4C52B /* WebResourceLoadStatisticsStoreMessageReceiver.cpp */; }; > 7A791EFB1C7CFD0100C4C52B /* WebResourceLoadStatisticsStoreMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = 7A791EF81C7CFB1000C4C52B /* WebResourceLoadStatisticsStoreMessages.h */; }; >@@ -3776,6 +3778,7 @@ > 7A1506721DD56298001F4B58 /* com.apple.WebKit.plugin-common.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "com.apple.WebKit.plugin-common.sb"; sourceTree = "<group>"; }; > 7A1E2A841EEFE88A0037A0E0 /* APINotificationProvider.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APINotificationProvider.h; sourceTree = "<group>"; }; > 7A3ACE1A1EEEF78C00A864A4 /* APIInjectedBundlePageLoaderClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIInjectedBundlePageLoaderClient.h; sourceTree = "<group>"; }; >+ 7A593E7B20C05378006FF2E8 /* process-plugin-entitlements.sh */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.script.sh; path = "process-plugin-entitlements.sh"; sourceTree = "<group>"; }; > 7A5E39491D5BD8A700B4B7CE /* com.macromedia.Flash Player ESR.plugin.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "com.macromedia.Flash Player ESR.plugin.sb"; sourceTree = "<group>"; }; > 7A791EF81C7CFB1000C4C52B /* WebResourceLoadStatisticsStoreMessages.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebResourceLoadStatisticsStoreMessages.h; sourceTree = "<group>"; }; > 7A791EF91C7CFB3700C4C52B /* WebResourceLoadStatisticsStoreMessageReceiver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebResourceLoadStatisticsStoreMessageReceiver.cpp; sourceTree = "<group>"; }; >@@ -8486,6 +8489,7 @@ > 0FC0856F187CE0A900780D86 /* messages.py */, > 0FC08570187CE0A900780D86 /* model.py */, > 0FC08571187CE0A900780D86 /* parser.py */, >+ 7A593E7B20C05378006FF2E8 /* process-plugin-entitlements.sh */, > 7ACFAAD820B88D4F00C53203 /* process-webcontent-entitlements.sh */, > ); > path = Scripts; >@@ -9984,9 +9988,12 @@ > isa = PBXNativeTarget; > buildConfigurationList = BC82840416B4FDDE00A278FE /* Build configuration list for PBXNativeTarget "Plugin.32" */; > buildPhases = ( >+ 7A593E7F20C05427006FF2E8 /* Remove stale entitlements file */, > BC8283F516B4FDDE00A278FE /* Sources */, > BC8283F616B4FDDE00A278FE /* Frameworks */, > BC8283F716B4FDDE00A278FE /* Resources */, >+ 7A593E8020C05446006FF2E8 /* Unlock keychain */, >+ 7A593E8120C055E8006FF2E8 /* Add JIT entitlement */, > ); > buildRules = ( > ); >@@ -10002,9 +10009,12 @@ > isa = PBXNativeTarget; > buildConfigurationList = BC82842A16B4FDF700A278FE /* Build configuration list for PBXNativeTarget "Plugin.64" */; > buildPhases = ( >+ 7A593E7E20C05406006FF2E8 /* Remove stale entitlements file */, > BC82841B16B4FDF600A278FE /* Sources */, > BC82841C16B4FDF600A278FE /* Frameworks */, > BC82841D16B4FDF600A278FE /* Resources */, >+ 7A593E7920C0531C006FF2E8 /* Unlock keychain */, >+ 7A593E7A20C05326006FF2E8 /* Add JIT entitlement */, > ); > buildRules = ( > ); >@@ -10108,6 +10118,7 @@ > isa = PBXResourcesBuildPhase; > buildActionMask = 2147483647; > files = ( >+ 7A593E7C20C05387006FF2E8 /* process-plugin-entitlements.sh in Resources */, > ); > runOnlyForDeploymentPostprocessing = 0; > }; >@@ -10115,6 +10126,7 @@ > isa = PBXResourcesBuildPhase; > buildActionMask = 2147483647; > files = ( >+ 7A593E7D20C05388006FF2E8 /* process-plugin-entitlements.sh in Resources */, > ); > runOnlyForDeploymentPostprocessing = 0; > }; >@@ -10339,13 +10351,9 @@ > buildActionMask = 2147483647; > files = ( > ); >- inputFileListPaths = ( >- ); > inputPaths = ( > ); > name = "Unlock keychain"; >- outputFileListPaths = ( >- ); > outputPaths = ( > ); > runOnlyForDeploymentPostprocessing = 0; >@@ -10357,13 +10365,9 @@ > buildActionMask = 2147483647; > files = ( > ); >- inputFileListPaths = ( >- ); > inputPaths = ( > ); > name = "Unlock keychain"; >- outputFileListPaths = ( >- ); > outputPaths = ( > ); > runOnlyForDeploymentPostprocessing = 0; >@@ -10375,13 +10379,9 @@ > buildActionMask = 2147483647; > files = ( > ); >- inputFileListPaths = ( >- ); > inputPaths = ( > ); > name = "Remove stale entitlement file"; >- outputFileListPaths = ( >- ); > outputPaths = ( > ); > runOnlyForDeploymentPostprocessing = 0; >@@ -10393,32 +10393,110 @@ > buildActionMask = 2147483647; > files = ( > ); >- inputFileListPaths = ( >- ); > inputPaths = ( > ); > name = "Remove stale entitlement file"; >- outputFileListPaths = ( >+ outputPaths = ( >+ ); >+ runOnlyForDeploymentPostprocessing = 0; >+ shellPath = /bin/sh; >+ shellScript = "# We autogenerate this file, so don't want to retain an old copy during builds.\nrm -f ${TEMP_FILE_DIR}/${FULL_PRODUCT_NAME}.xcent\n"; >+ }; >+ 7A593E7920C0531C006FF2E8 /* Unlock keychain */ = { >+ isa = PBXShellScriptBuildPhase; >+ buildActionMask = 2147483647; >+ files = ( >+ ); >+ inputPaths = ( >+ ); >+ name = "Unlock keychain"; >+ outputPaths = ( >+ ); >+ runOnlyForDeploymentPostprocessing = 0; >+ shellPath = /bin/sh; >+ shellScript = "UNLOCK_SCRIPT_PATH=\"${SRCROOT}/../../../Internal/Tools/Scripts/unlock-safari-engineering-keychain-if-needed\"\n\n[[ -x \"${UNLOCK_SCRIPT_PATH}\" ]] && exec \"${UNLOCK_SCRIPT_PATH}\"\n\nexit 0\n"; >+ }; >+ 7A593E7A20C05326006FF2E8 /* Add JIT entitlement */ = { >+ isa = PBXShellScriptBuildPhase; >+ buildActionMask = 2147483647; >+ files = ( >+ ); >+ inputPaths = ( >+ "$(TEMP_FILE_DIR)/$(FULL_PRODUCT_NAME).xcent", >+ ); >+ name = "Add JIT entitlement"; >+ outputPaths = ( >+ ); >+ runOnlyForDeploymentPostprocessing = 0; >+ shellPath = /bin/sh; >+ shellScript = "Scripts/process-plugin-entitlements.sh\n"; >+ }; >+ 7A593E7E20C05406006FF2E8 /* Remove stale entitlements file */ = { >+ isa = PBXShellScriptBuildPhase; >+ buildActionMask = 2147483647; >+ files = ( >+ ); >+ inputPaths = ( > ); >+ name = "Remove stale entitlements file"; > outputPaths = ( > ); > runOnlyForDeploymentPostprocessing = 0; > shellPath = /bin/sh; > shellScript = "# We autogenerate this file, so don't want to retain an old copy during builds.\nrm -f ${TEMP_FILE_DIR}/${FULL_PRODUCT_NAME}.xcent\n"; > }; >- 7AFCBD5420B8911D00F55C9C /* Process WebContent entitlements */ = { >+ 7A593E7F20C05427006FF2E8 /* Remove stale entitlements file */ = { >+ isa = PBXShellScriptBuildPhase; >+ buildActionMask = 2147483647; >+ files = ( >+ ); >+ inputPaths = ( >+ ); >+ name = "Remove stale entitlements file"; >+ outputPaths = ( >+ ); >+ runOnlyForDeploymentPostprocessing = 0; >+ shellPath = /bin/sh; >+ shellScript = "# We autogenerate this file, so don't want to retain an old copy during builds.\nrm -f ${TEMP_FILE_DIR}/${FULL_PRODUCT_NAME}.xcent\n"; >+ }; >+ 7A593E8020C05446006FF2E8 /* Unlock keychain */ = { >+ isa = PBXShellScriptBuildPhase; >+ buildActionMask = 2147483647; >+ files = ( >+ ); >+ inputPaths = ( >+ ); >+ name = "Unlock keychain"; >+ outputPaths = ( >+ ); >+ runOnlyForDeploymentPostprocessing = 0; >+ shellPath = /bin/sh; >+ shellScript = "UNLOCK_SCRIPT_PATH=\"${SRCROOT}/../../../Internal/Tools/Scripts/unlock-safari-engineering-keychain-if-needed\"\n\n[[ -x \"${UNLOCK_SCRIPT_PATH}\" ]] && exec \"${UNLOCK_SCRIPT_PATH}\"\n\nexit 0\n"; >+ }; >+ 7A593E8120C055E8006FF2E8 /* Add JIT entitlement */ = { > isa = PBXShellScriptBuildPhase; > buildActionMask = 2147483647; > files = ( > ); >- inputFileListPaths = ( >+ inputPaths = ( >+ "$(TEMP_FILE_DIR)/$(FULL_PRODUCT_NAME).xcent", >+ ); >+ name = "Add JIT entitlement"; >+ outputPaths = ( >+ ); >+ runOnlyForDeploymentPostprocessing = 0; >+ shellPath = /bin/sh; >+ shellScript = "Scripts/process-plugin-entitlements.sh\n"; >+ }; >+ 7AFCBD5420B8911D00F55C9C /* Process WebContent entitlements */ = { >+ isa = PBXShellScriptBuildPhase; >+ buildActionMask = 2147483647; >+ files = ( > ); > inputPaths = ( > "$(TEMP_FILE_DIR)/$(FULL_PRODUCT_NAME).xcent", > ); > name = "Process WebContent entitlements"; >- outputFileListPaths = ( >- ); > outputPaths = ( > ); > runOnlyForDeploymentPostprocessing = 0; >@@ -10430,14 +10508,10 @@ > buildActionMask = 2147483647; > files = ( > ); >- inputFileListPaths = ( >- ); > inputPaths = ( > "$(TEMP_FILE_DIR)/$(FULL_PRODUCT_NAME).xcent", > ); > name = "Process WebContent entitlements"; >- outputFileListPaths = ( >- ); > outputPaths = ( > ); > runOnlyForDeploymentPostprocessing = 0;
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=341668">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 184485
:
337676
|
341668
|
341676
|
341682