Move PCMDaemon to WebKit.framework and rename it to AdAttributionDaemon
Created attachment 438738 [details] Patch
Created attachment 438912 [details] Patch
I verified that this does not break the internal build. It puts the executable at /usr/local/bin/AdAttributionDaemon which we may want to change to inside the WebKit framework. I think we will probably want to disable it somehow for Catalyst.
Created attachment 438962 [details] Patch
There we go. This one puts it in the WebKit framework similarly to how we do with our xpc service executables.
Comment on attachment 438962 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=438962&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:690 > +(allow mach-lookup (global-name "org.webkit.pcmtestdaemon.service")) Should the production network process have access to the test daemon?
(maybe instead we should grant it dynamically via SPI or something?)
Created attachment 438966 [details] Patch
It apparently doesn't need it in the iOS simulator, which is where we run tests.
Comment on attachment 438966 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=438966&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:689 > +(allow mach-lookup (global-name "com.apple.webkit.adattributiond.service")) Needs a Per Arne or Brent review IMO
Comment on attachment 438966 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=438966&action=review r=me. > Source/WebKit/ChangeLog:11 > + * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Do we expect to run this daemon on macOS, too? Or is it only iOS at this time? >> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:689 >> +(allow mach-lookup (global-name "com.apple.webkit.adattributiond.service")) > > Needs a Per Arne or Brent review IMO To allow this access, we will need to do a few things: 1. Make sure the AdAttribution daemon runs as non-root. 2. AdAttribution daemon must be sandboxed. 3. We should get Product Security to review the new daemon and the IPC messages we exchange with it. But this rule is fine for now.
Comment on attachment 438966 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=438966&action=review >> Source/WebKit/ChangeLog:11 >> + * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: > > Do we expect to run this daemon on macOS, too? Or is it only iOS at this time? Both. I already added it to the macOS sandbox.
Committed r282883 (242012@main): <https://commits.webkit.org/242012@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 438966 [details].
<rdar://problem/83416568>
http://trac.webkit.org/r283281