Bug 172157

Summary: [WK2][macOS] Support Flash Player DRM features
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit2Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ap, bfulgham, commit-queue, dino, ggaren, mitz
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=173082
Attachments:
Description Flags
Patch none

Brent Fulgham
Reported 2017-05-15 21:49:31 PDT
Certain Flash-based media players have DRM that require access to additional IOKit property. This patch weakens the PluginProcess sandbox to support these DRM features.
Attachments
Patch (1.46 KB, patch)
2017-05-15 21:51 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2017-05-15 21:50:22 PDT
<rdar://problem/31889297>
Brent Fulgham
Comment 2 2017-05-15 21:51:51 PDT
Created attachment 310222 [details] Patch
WebKit Commit Bot
Comment 3 2017-05-16 12:54:49 PDT
Comment on attachment 310222 [details] Patch Clearing flags on attachment: 310222 Committed r216943: <http://trac.webkit.org/changeset/216943>
WebKit Commit Bot
Comment 4 2017-05-16 12:54:50 PDT
All reviewed patches have been landed. Closing bug.
mitz
Comment 5 2017-05-16 13:02:34 PDT
Comment on attachment 310222 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=310222&action=review > Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:68 > + (iokit-property "IOMACAddress") ;; For some Flash players > + (iokit-property "IOPlatformSerialNumber") ;; Ditto I wonder why things that are needed for specific plug-ins cannot be in the sandbox profiles for those specific plug-ins, such as com.macromedia.Flash Player.plugin.sb and com.macromedia.Flash Player ESR.plugin.sb.
Brent Fulgham
Comment 6 2017-05-16 13:30:45 PDT
(In reply to mitz from comment #5) > Comment on attachment 310222 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=310222&action=review > > > Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:68 > > + (iokit-property "IOMACAddress") ;; For some Flash players > > + (iokit-property "IOPlatformSerialNumber") ;; Ditto > > I wonder why things that are needed for specific plug-ins cannot be in the > sandbox profiles for those specific plug-ins, such as com.macromedia.Flash > Player.plugin.sb and com.macromedia.Flash Player ESR.plugin.sb. They definitely could be done at a lower level. Once some internal discussions are complete, we may decide to narrow the scope of these properties to specific plugins only. Ultimately, of course, the goal is to get rid of plugins entirely.
Note You need to log in before you can comment on or make changes to this bug.