Bug 201810 - Create InjectedBundle SPI to better support NSSecureCoding
Summary: Create InjectedBundle SPI to better support NSSecureCoding
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit API (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: InRadar
Depends on:
Blocks: 210509
  Show dependency treegraph
 
Reported: 2019-09-15 15:34 PDT by Brent Fulgham
Modified: 2020-04-14 12:05 PDT (History)
8 users (show)

See Also:


Attachments
Patch (18.63 KB, patch)
2019-09-15 15:43 PDT, Brent Fulgham
no flags Details | Formatted Diff | Diff
Patch (18.70 KB, patch)
2019-09-15 15:58 PDT, Brent Fulgham
no flags Details | Formatted Diff | Diff
Patch for landing (48.73 KB, patch)
2019-09-17 17:25 PDT, Brent Fulgham
no flags Details | Formatted Diff | Diff
Patch for landing (44.41 KB, patch)
2019-09-17 17:27 PDT, Brent Fulgham
no flags Details | Formatted Diff | Diff
Patch for landing (43.65 KB, patch)
2019-09-17 17:35 PDT, Brent Fulgham
no flags Details | Formatted Diff | Diff
Patch (46.13 KB, patch)
2019-09-17 20:14 PDT, Brent Fulgham
no flags Details | Formatted Diff | Diff
Patch (45.59 KB, patch)
2019-09-18 16:59 PDT, Brent Fulgham
no flags Details | Formatted Diff | Diff
Patch for landing (45.59 KB, patch)
2019-09-19 08:50 PDT, Brent Fulgham
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2019-09-15 15:34:11 PDT
The encoding/decoding routines used by WebKit’s InjectedBundles are based on NSCoding. While we have changed WebKit internals to use NSSecureCoding, there are a number of injected bundles that need to serialize custom classes between the InjectedBundle and the relevant WebKit UIProcess.

We need to lock down this communications channel by enforcing NSSecureCoding.

This patch creates new SPI to allow the UIProcess to specify classes that it will accept in messages from the WebContet Process (and Injected Bundle).

It adds the following property to the WKProcessPoolConfiguration:

    @property (nonatomic, copy) NSSet<Class> *customClassesForParameterCoder;


Clients that wish to serialize custom classes would do something like the following:

        _WKProcessPoolConfiguration *configuration = [[_WKProcessPoolConfiguration alloc] init];
        ... various setup steps ...
        // An InjectedBundle will be used:
        [configuration setInjectedBundleURL:[[NSBundle mainBundle].builtInPlugInsURL URLByAppendingPathComponent:@"Example.wkbundle" isDirectory:YES]];
        // So specify any custom classes for the use case:
        [configuration setCustomClassesForParameterCoder:[NSSet setWithObjects:[Example1 class], [Example2 class], [Example3 class], nil]];

If no custom classes are specified, the standard serialization primitives are supported: NSArray, NSData, NSDate, NSDictionary, NSNull, NSNumber, NSSet,
NSString, NSTimeZone, NSURL, and NSUUID.
Comment 1 Brent Fulgham 2019-09-15 15:36:28 PDT
<rdar://problem/55265713>
Comment 2 Brent Fulgham 2019-09-15 15:43:07 PDT
Created attachment 378827 [details]
Patch
Comment 3 Brent Fulgham 2019-09-15 15:58:47 PDT
Created attachment 378829 [details]
Patch
Comment 4 Brent Fulgham 2019-09-15 15:59:38 PDT
WIP patch uploaded for initial discussion of SPI design.
Comment 5 Brady Eidson 2019-09-16 10:50:45 PDT
Comment on attachment 378829 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=378829&action=review

> Source/WebKit/ChangeLog:7
> +        The encoding/decoding routines used by WebKitâs InjectedBundles are based on NSCoding.

WebKitâs
Comment 6 Brent Fulgham 2019-09-17 17:25:37 PDT
Created attachment 379009 [details]
Patch for landing
Comment 7 Brent Fulgham 2019-09-17 17:27:25 PDT
Created attachment 379010 [details]
Patch for landing
Comment 8 Brent Fulgham 2019-09-17 17:35:13 PDT
Created attachment 379012 [details]
Patch for landing
Comment 9 Brent Fulgham 2019-09-17 20:14:41 PDT
Created attachment 379015 [details]
Patch
Comment 10 Brent Fulgham 2019-09-18 16:59:06 PDT
Created attachment 379086 [details]
Patch
Comment 11 Brent Fulgham 2019-09-19 08:34:45 PDT
The WinCairo error is a bot issue.
Comment 12 Brent Fulgham 2019-09-19 08:50:59 PDT
Created attachment 379135 [details]
Patch for landing
Comment 13 WebKit Commit Bot 2019-09-19 09:11:37 PDT
Comment on attachment 379135 [details]
Patch for landing

Clearing flags on attachment: 379135

Committed r250093: <https://trac.webkit.org/changeset/250093>
Comment 14 WebKit Commit Bot 2019-09-19 09:11:39 PDT
All reviewed patches have been landed.  Closing bug.