Bug 217336 - [macOS] Add XPC endpoint entitlement for the WebContent development process
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Per Arne Vollan
Keywords: InRadar
Reported: 2020-10-05 14:00 PDT by Per Arne Vollan
Modified: 2020-10-20 09:04 PDT

Attachments
Patch (1.55 KB, patch)
2020-10-05 14:04 PDT, Per Arne Vollan
no flags
Patch (1.66 KB, patch)
2020-10-05 14:42 PDT, Per Arne Vollan
darin: review+

Description Per Arne Vollan 2020-10-05 14:00:02 PDT
The WebContent process has the entitlement 'com.apple.private.webkit.use-xpc-endpoint', which is not present in the development version.
Comment 1 Per Arne Vollan 2020-10-05 14:04:13 PDT
Created attachment 410553 [details]
Patch
Comment 2 Per Arne Vollan 2020-10-05 14:41:46 PDT
<rdar://problem/68585497>
Comment 3 Per Arne Vollan 2020-10-05 14:42:38 PDT
Created attachment 410564 [details]
Patch
Comment 4 Darin Adler 2020-10-18 15:36:45 PDT
Comment on attachment 410564 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=410564&action=review

> Source/WebKit/ChangeLog:10
> +        The WebContent process has the entitlement 'com.apple.private.webkit.use-xpc-endpoint',
> +        which is not present in the development version.

I’ll take your word for it that this is a good change.

But I don’t understand what you are saying here with that sentence. You say the process "has the entitlement", but how does it get it? You say it "is not present in the development version". Is that a statement of what’s wrong and what you are fixing, and hence no longer true? Or does it mean something else?

What I see in the patch is two changes:

1) Only add use-xpc-endpoint for macOS 11.0 and newer.
2) Add use-xpc-endpoint even when WK_USE_RESTRICTED_ENTITLEMENTS is NO.

I can’t make the connection between this and "the development version" and "has the entitlement" comment above.
Comment 5 Per Arne Vollan 2020-10-20 09:04:49 PDT
(In reply to Darin Adler from comment #4)
> Comment on attachment 410564 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=410564&action=review
> 
> > Source/WebKit/ChangeLog:10
> > +        The WebContent process has the entitlement 'com.apple.private.webkit.use-xpc-endpoint',
> > +        which is not present in the development version.
> 
> I’ll take your word for it that this is a good change.
> 
> But I don’t understand what you are saying here with that sentence. You say
> the process "has the entitlement", but how does it get it? You say it "is
> not present in the development version". Is that a statement of what’s wrong
> and what you are fixing, and hence no longer true? Or does it mean something
> else?
> 
> What I see in the patch is two changes:
> 
> 1) Only add use-xpc-endpoint for macOS 11.0 and newer.
> 2) Add use-xpc-endpoint even when WK_USE_RESTRICTED_ENTITLEMENTS is NO.
> 
> I can’t make the connection between this and "the development version" and
> "has the entitlement" comment above.

Yes, the description in the change log was too short. The required entitlement 'com.apple.private.webkit.use-xpc-endpoint' is already present in com.apple.WebKit.WebContent.xpc, but not in the development XPC service, com.apple.WebKit.WebContent.Development.xpc. The intention of this patch was to add the entitlement also for the development XPC service, but I have later learned that the system WebKit development XPC service cannot have private entitlements, so this patch is now invalid.

Thanks for reviewing!