RESOLVED FIXED 172157
[WK2][macOS] Support Flash Player DRM features 
https://bugs.webkit.org/show_bug.cgi?id=172157
Summary [WK2][macOS] Support Flash Player DRM features
Brent Fulgham
Reported 2017-05-15 21:49:31 PDT
Certain Flash-based media players have DRM that require access to additional IOKit property. This patch weakens the PluginProcess sandbox to support these DRM features.
Attachments
Patch (1.46 KB, patch)
2017-05-15 21:51 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2017-05-15 21:50:22 PDT
<rdar://problem/31889297>
Brent Fulgham
Comment 2 2017-05-15 21:51:51 PDT
Created attachment 310222 [details] Patch
WebKit Commit Bot
Comment 3 2017-05-16 12:54:49 PDT
Comment on attachment 310222 [details] Patch Clearing flags on attachment: 310222 Committed r216943: <http://trac.webkit.org/changeset/216943>
WebKit Commit Bot
Comment 4 2017-05-16 12:54:50 PDT
All reviewed patches have been landed. Closing bug.
mitz
Comment 5 2017-05-16 13:02:34 PDT
Comment on attachment 310222 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=310222&action=review > Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:68 > + (iokit-property "IOMACAddress") ;; For some Flash players > + (iokit-property "IOPlatformSerialNumber") ;; Ditto I wonder why things that are needed for specific plug-ins cannot be in the sandbox profiles for those specific plug-ins, such as com.macromedia.Flash Player.plugin.sb and com.macromedia.Flash Player ESR.plugin.sb.
Brent Fulgham
Comment 6 2017-05-16 13:30:45 PDT
(In reply to mitz from comment #5) > Comment on attachment 310222 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=310222&action=review > > > Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:68 > > + (iokit-property "IOMACAddress") ;; For some Flash players > > + (iokit-property "IOPlatformSerialNumber") ;; Ditto > > I wonder why things that are needed for specific plug-ins cannot be in the > sandbox profiles for those specific plug-ins, such as com.macromedia.Flash > Player.plugin.sb and com.macromedia.Flash Player ESR.plugin.sb. They definitely could be done at a lower level. Once some internal discussions are complete, we may decide to narrow the scope of these properties to specific plugins only. Ultimately, of course, the goal is to get rid of plugins entirely.
Note You need to log in before you can comment on or make changes to this bug.