Bug 230516

Summary: Move PCMDaemon to WebKit.framework and rename it to AdAttributionDaemon
Product: WebKit
Reporter: Alex Christensen <achristensen>
Component: New Bugs
Assignee: Alex Christensen <achristensen>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, thorton, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Alex Christensen
Reported 2021-09-20 15:29:03 PDT
Move PCMDaemon to WebKit.framework and rename it to AdAttributionDaemon
Attachments
Patch (31.46 KB, patch)
2021-09-20 15:30 PDT, Alex Christensen
no flags
Patch (32.59 KB, patch)
2021-09-21 20:57 PDT, Alex Christensen
no flags
Patch (32.79 KB, patch)
2021-09-22 11:22 PDT, Alex Christensen
no flags
Patch (32.67 KB, patch)
2021-09-22 12:25 PDT, Alex Christensen
no flags
Alex Christensen
Comment 1 2021-09-20 15:30:02 PDT
Alex Christensen
Comment 2 2021-09-21 20:57:18 PDT
Alex Christensen
Comment 3 2021-09-21 21:33:13 PDT
I verified that this does not break the internal build. It puts the executable at /usr/local/bin/AdAttributionDaemon which we may want to change to inside the WebKit framework. I think we will probably want to disable it somehow for Catalyst.
Alex Christensen
Comment 4 2021-09-22 11:22:50 PDT
Alex Christensen
Comment 5 2021-09-22 11:23:31 PDT
There we go. This one puts it in the WebKit framework similarly to how we do with our xpc service executables.
Tim Horton
Comment 6 2021-09-22 11:46:35 PDT
Comment on attachment 438962 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=438962&action=review

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:690
> +(allow mach-lookup (global-name "org.webkit.pcmtestdaemon.service"))

Should the production network process have access to the test daemon?
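Review bot: the service name at Networking.sb:690, `org.webkit.pcmtestdaemon.service`, reads as a test-only endpoint, yet the rule sits in the iOS network process profile that ships. Unless the surrounding lines already restrict it to test configurations, move the allowance out of this profile or grant it only when tests run.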
Tim Horton
Comment 7 2021-09-22 11:46:56 PDT
(maybe instead we should grant it dynamically via SPI or something?)
Alex Christensen
Comment 8 2021-09-22 12:25:37 PDT
Alex Christensen
Comment 9 2021-09-22 12:26:13 PDT
It apparently doesn't need it in the iOS simulator, which is where we run tests.
Tim Horton
Comment 10 2021-09-22 13:02:08 PDT
Comment on attachment 438966 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=438966&action=review

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:689
> +(allow mach-lookup (global-name "com.apple.webkit.adattributiond.service"))

Needs a Per Arne or Brent review IMO
Brent Fulgham
Comment 11 2021-09-22 13:27:48 PDT
Comment on attachment 438966 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=438966&action=review

r=me.

> Source/WebKit/ChangeLog:11
> + * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:

Do we expect to run this daemon on macOS, too? Or is it only iOS at this time?

>> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:689
>> +(allow mach-lookup (global-name "com.apple.webkit.adattributiond.service"))
>
> Needs a Per Arne or Brent review IMO

To allow this access, we will need to do a few things:
1. Make sure the AdAttribution daemon runs as non-root.
2. AdAttribution daemon must be sandboxed.
3. We should get Product Security to review the new daemon and the IPC messages we exchange with it.

But this rule is fine for now.
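Review bot: the ChangeLog entry quoted at Source/WebKit/ChangeLog:11 names the iOS Networking.sb profile and stops at the colon. A sandbox change is worth a per-file line saying that it adds a mach-lookup allowance for `com.apple.webkit.adattributiond.service` and why the network process needs it, so the widening is visible in history without opening the profile.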
Alex Christensen
Comment 12 2021-09-22 13:31:35 PDT
Comment on attachment 438966 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=438966&action=review

>> Source/WebKit/ChangeLog:11
>> + * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
>
> Do we expect to run this daemon on macOS, too? Or is it only iOS at this time?

Both. I already added it to the macOS sandbox.
EWS
Comment 13 2021-09-22 14:05:58 PDT
Committed r282883 (242012@main): <https://commits.webkit.org/242012@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 438966.
Radar WebKit Bug Importer
Comment 14 2021-09-22 14:06:16 PDT
Alex Christensen
Comment 15 2021-09-29 16:36:34 PDT