RESOLVED FIXED 172365
Enable library validation on WebKit XPC processes
https://bugs.webkit.org/show_bug.cgi?id=172365
Summary Enable library validation on WebKit XPC processes
David Kilzer (:ddkilzer)
Reported 2017-05-19 10:00:28 PDT
Need the bug URL (OOPS!). <rdar://problem/26470661> Reviewed by NOBODY (OOPS!). * Configurations/Base.xcconfig: (WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS): Set a default value so that it can be overridden by build commands. * Configurations/BaseXPCService.xcconfig: (OTHER_CODE_SIGN_FLAGS): Enable library validation for all SDKs except for simulator SDKs, based on WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS. * Configurations/DebugRelease.xcconfig: (OTHER_CODE_SIGN_FLAGS): Disable library validation for engineering builds. * Configurations/PluginService.32.xcconfig: (OTHER_CODE_SIGN_FLAGS): Disable library validation for plugin process since it loads third-party binaries. * Configurations/PluginService.64.xcconfig: Ditto. * Configurations/WebContentService.xcconfig: (OTHER_CODE_SIGN_FLAGS): Remove since it's now defined in BaseXPCService.xcconfig. (WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS): Remove since it's no longer needed. (WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS_YES): Ditto. --- 7 files changed, 39 insertions(+), 4 deletions(-)
Attachments
Patch (6.24 KB, patch)
2017-05-19 10:00 PDT, David Kilzer (:ddkilzer)
buildbot: commit-queue-
Archive of layout-test-results from ews107 for mac-elcapitan-wk2 (535.71 KB, application/zip)
2017-05-19 11:41 PDT, Build Bot
no flags
Part 1: Web Content service (23.53 KB, patch)
2018-01-24 10:02 PST, mitz
no flags
David Kilzer (:ddkilzer)
Comment 1 2017-05-19 10:00:29 PDT
David Kilzer (:ddkilzer)
Comment 2 2017-05-19 10:03:36 PDT
Brent Fulgham
Comment 3 2017-05-19 10:21:09 PDT
Comment on attachment 310669 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=310669&action=review > Source/WebKit2/Configurations/Base.xcconfig:109 > +WK_LIBRARY_VALIDATION_CODE_SIGN_FLAGS = -o library; Could this be gated on target release somehow? I wonder if we could enable it only for builds beyond some target OS to avoid breaking builds targeting older OS's?
Build Bot
Comment 4 2017-05-19 11:41:26 PDT
Comment on attachment 310669 [details] Patch Attachment 310669 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.webkit.org/results/3777825 Number of test failures exceeded the failure limit.
Build Bot
Comment 5 2017-05-19 11:41:27 PDT
Created attachment 310680 [details] Archive of layout-test-results from ews107 for mac-elcapitan-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: ews107 Port: mac-elcapitan-wk2 Platform: Mac OS X 10.11.6
mitz
Comment 6 2018-01-24 10:02:03 PST
Created attachment 332175 [details] Part 1: Web Content service This is a revised version of a patch I’ve tested at Apple. Posting to see if the revisions broke it for EWS.
Brent Fulgham
Comment 7 2018-01-24 10:10:24 PST
Comment on attachment 332175 [details] Part 1: Web Content service View in context: https://bugs.webkit.org/attachment.cgi?id=332175&action=review > Source/WebKit/UIProcess/mac/WebProcessProxyMac.mm:43 > + static bool isSystemWebKit = [] { should we use 'dispatch_once' here?
mitz
Comment 8 2018-01-24 10:12:14 PST
Comment on attachment 332175 [details] Part 1: Web Content service View in context: https://bugs.webkit.org/attachment.cgi?id=332175&action=review >> Source/WebKit/UIProcess/mac/WebProcessProxyMac.mm:43 >> + static bool isSystemWebKit = [] { > > should we use 'dispatch_once' here? This function shouldn’t be getting called from arbitrary threads, so no.
David Kilzer (:ddkilzer)
Comment 9 2018-01-24 13:37:23 PST
Comment on attachment 332175 [details] Part 1: Web Content service r=me
WebKit Commit Bot
Comment 10 2018-01-24 15:30:29 PST
Comment on attachment 332175 [details] Part 1: Web Content service Clearing flags on attachment: 332175 Committed r227582: <https://trac.webkit.org/changeset/227582>
WebKit Commit Bot
Comment 11 2018-01-24 15:30:30 PST
All reviewed patches have been landed. Closing bug.
mitz
Comment 12 2018-01-24 15:39:19 PST
Reopening to track the remaining non-PlugIn services.
mitz
Comment 13 2018-01-25 10:09:57 PST
(In reply to mitz from comment #12) > Reopening to track the remaining non-PlugIn services. Actually, going to use bug 173424 for the remaining services.
Note You need to log in before you can comment on or make changes to this bug.