172157 2017-05-15 21:49:31 -0700 [WK2][macOS] Support Flash Player DRM features 2017-06-07 16:49:53 -0700 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED https://bugs.webkit.org/show_bug.cgi?id=173082 InRadar P2 Normal --- 1 bfulgham bfulgham achristensen ap bfulgham commit-queue dino ggaren mitz oldest_to_newest 1308974 0 bfulgham 2017-05-15 21:49:31 -0700 Certain Flash-based media players have DRM that require access to additional IOKit property. This patch weakens the PluginProcess sandbox to support these DRM features. 1308975 1 bfulgham 2017-05-15 21:50:22 -0700 <rdar://problem/31889297> 1308976 2 310222 bfulgham 2017-05-15 21:51:51 -0700 Created attachment 310222 Patch 1309249 3 310222 commit-queue 2017-05-16 12:54:49 -0700 Comment on attachment 310222 Patch Clearing flags on attachment: 310222 Committed r216943: <http://trac.webkit.org/changeset/216943> 1309250 4 commit-queue 2017-05-16 12:54:50 -0700 All reviewed patches have been landed. Closing bug. 1309251 5 310222 mitz 2017-05-16 13:02:34 -0700 Comment on attachment 310222 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=310222&action=review > Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:68 > + (iokit-property "IOMACAddress") ;; For some Flash players > + (iokit-property "IOPlatformSerialNumber") ;; Ditto I wonder why things that are needed for specific plug-ins cannot be in the sandbox profiles for those specific plug-ins, such as com.macromedia.Flash Player.plugin.sb and com.macromedia.Flash Player ESR.plugin.sb. 1309264 6 bfulgham 2017-05-16 13:30:45 -0700 (In reply to mitz from comment #5) > Comment on attachment 310222 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=310222&action=review > > > Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:68 > > + (iokit-property "IOMACAddress") ;; For some Flash players > > + (iokit-property "IOPlatformSerialNumber") ;; Ditto > > I wonder why things that are needed for specific plug-ins cannot be in the > sandbox profiles for those specific plug-ins, such as com.macromedia.Flash > Player.plugin.sb and com.macromedia.Flash Player ESR.plugin.sb. They definitely could be done at a lower level. Once some internal discussions are complete, we may decide to narrow the scope of these properties to specific plugins only. Ultimately, of course, the goal is to get rid of plugins entirely. 310222 2017-05-15 21:51:51 -0700 2017-05-16 12:54:49 -0700 Patch bug-172157-20170515215150.patch text/plain 1496 bfulgham SW5kZXg6IFNvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi S2l0Mi9DaGFuZ2VMb2cJKHJldmlzaW9uIDIxNjkwMCkKKysrIFNvdXJjZS9XZWJLaXQyL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDE3LTA1LTE1ICBCcmVudCBG dWxnaGFtICA8YmZ1bGdoYW1AYXBwbGUuY29tPgorCisgICAgICAgIFtXSzJdW21hY09TXSBTdXBw b3J0IEZsYXNoIFBsYXllciBEUk0gZmVhdHVyZXMKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtp dC5vcmcvc2hvd19idWcuY2dpP2lkPTE3MjE1NworICAgICAgICA8cmRhcjovL3Byb2JsZW0vMzE4 ODkyOTc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAg UmVsYXggdGhlIElPS2l0IHdoaXRlbGlzdCB0byBzdXBwb3J0IERSTSBmZWF0dXJlcyBuZWVkZWQg YnkKKyAgICAgICAgc29tZSB3ZWJzaXRlcy4KKworICAgICAgICAqIFBsdWdpblByb2Nlc3MvbWFj L2NvbS5hcHBsZS5XZWJLaXQucGx1Z2luLWNvbW1vbi5zYi5pbjoKKwogMjAxNy0wNS0xNSAgWW91 ZW5uIEZhYmxldCAgPHlvdWVubkBhcHBsZS5jb20+CiAKICAgICAgICAgU2ltcGxpZnkgUmVhbHRp bWVNZWRpYVNvdXJjZSBkYXRhIHByb2R1Y3Rpb24gYW5kIHN0YXRlCkluZGV4OiBTb3VyY2UvV2Vi S2l0Mi9QbHVnaW5Qcm9jZXNzL21hYy9jb20uYXBwbGUuV2ViS2l0LnBsdWdpbi1jb21tb24uc2Iu aW4KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYktpdDIvUGx1Z2luUHJvY2Vzcy9tYWMvY29tLmFw cGxlLldlYktpdC5wbHVnaW4tY29tbW9uLnNiLmluCShyZXZpc2lvbiAyMTY4OTcpCisrKyBTb3Vy Y2UvV2ViS2l0Mi9QbHVnaW5Qcm9jZXNzL21hYy9jb20uYXBwbGUuV2ViS2l0LnBsdWdpbi1jb21t b24uc2IuaW4JKHdvcmtpbmcgY29weSkKQEAgLTYzLDYgKzYzLDkgQEAKICAgICAoaW9raXQtcHJv cGVydHkgIklPR2VuZXJhbEludGVyZXN0IikKICAgICAoaW9raXQtcHJvcGVydHkgIklPR0xCdW5k bGVOYW1lIikKICAgICAoaW9raXQtcHJvcGVydHkgIklPR1ZBQ29kZWMiKQorICAgIChpb2tpdC1w cm9wZXJ0eS1yZWdleCAiXklPR1ZBW0EtWl0rRGVjb2RlIikKKyAgICAoaW9raXQtcHJvcGVydHkg IklPTUFDQWRkcmVzcyIpIDs7IEZvciBzb21lIEZsYXNoIHBsYXllcnMKKyAgICAoaW9raXQtcHJv cGVydHkgIklPUGxhdGZvcm1TZXJpYWxOdW1iZXIiKSA7OyBEaXR0bwogICAgIChpb2tpdC1wcm9w ZXJ0eSAiSU9TY3JlZW5SZXN0b3JlU3RhdGUiKQogICAgIChpb2tpdC1wcm9wZXJ0eSAiSU9WQVJl bmRlcmVySUQiKQogICAgIChpb2tpdC1wcm9wZXJ0eS1yZWdleCAjIl5NZXRhbFBsdWdpbihOYW1l fENsYXNzTmFtZSkiKQo=