[webkit-changes] [202024] trunk/Source/WebKit2

[mitz]

Title: [202024] trunk/Source/WebKit2

Revision

202024

Author

m...@apple.com

Date

2016-06-13 21:03:02 -0700 (Mon, 13 Jun 2016)

Log Message

[Mac] Web Content service with a restricted entitlement may load arbitrary dylibs
https://bugs.webkit.org/show_bug.cgi?id=156668
<rdar://problem/26714558>

Reviewed by Anders Carlsson.

* Configurations/WebContentService.xcconfig: Enable library validation when the Web Content
  service is given the XPC domain extension entitlement when targeting macOS Sierra or later.

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/Configurations/WebContentService.xcconfig

Diff

Modified: trunk/Source/WebKit2/ChangeLog (202023 => 202024)

--- trunk/Source/WebKit2/ChangeLog	2016-06-14 03:28:10 UTC (rev 202023)
+++ trunk/Source/WebKit2/ChangeLog	2016-06-14 04:03:02 UTC (rev 202024)
@@ -1,3 +1,14 @@
+2016-06-13  Dan Bernstein  <m...@apple.com>
+
+        [Mac] Web Content service with a restricted entitlement may load arbitrary dylibs
+        https://bugs.webkit.org/show_bug.cgi?id=156668
+        <rdar://problem/26714558>
+
+        Reviewed by Anders Carlsson.
+
+        * Configurations/WebContentService.xcconfig: Enable library validation when the Web Content
+          service is given the XPC domain extension entitlement when targeting macOS Sierra or later.
+
 2016-06-13  Alex Christensen  <achristen...@webkit.org>
 
         Add WebSocketProvider stub

Modified: trunk/Source/WebKit2/Configurations/WebContentService.xcconfig (202023 => 202024)

--- trunk/Source/WebKit2/Configurations/WebContentService.xcconfig	2016-06-14 03:28:10 UTC (rev 202023)
+++ trunk/Source/WebKit2/Configurations/WebContentService.xcconfig	2016-06-14 04:03:02 UTC (rev 202024)
@@ -27,6 +27,9 @@
 
 CODE_SIGN_ENTITLEMENTS[sdk=macosx*] = $(CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT));
 CODE_SIGN_ENTITLEMENTS_OSX_WITH_XPC_DOMAIN_EXTENSION_YES = Configurations/WebContent-OSX.entitlements;
+OTHER_CODE_SIGN_FLAGS[sdk=macosx*] = $(OTHER_CODE_SIGN_FLAGS_macosx_$(TARGET_MAC_OS_X_VERSION_MAJOR));
+OTHER_CODE_SIGN_FLAGS_macosx_101200 = $(WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS);
+OTHER_CODE_SIGN_FLAGS_macosx_101300 = $(OTHER_CODE_SIGN_FLAGS_macosx_101200);
 
 PRODUCT_NAME = com.apple.WebKit.WebContent$(WK_XPC_SERVICE_SUFFIX);
 INFOPLIST_FILE[sdk=iphone*] = WebProcess/EntryPoint/mac/XPCService/WebContentService/Info-iOS.plist;
@@ -40,3 +43,6 @@
 WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_ = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO);
 WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_NO = $(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT);
 WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT_YES = $(WK_RELOCATABLE_FRAMEWORKS);
+
+WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS = $(WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS_$(WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT));
+WK_XPC_DOMAIN_EXTENSION_CODE_SIGN_FLAGS_YES = -o library;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes