Skip to content

Commit

Permalink
Whitelist more notifyd notifications for WebContent
Browse files Browse the repository at this point in the history 
https://bugs.webkit.org/show_bug.cgi?id=274910
rdar://128970749

Reviewed by Per Arne Vollan.

After looking at more data it looks like we are still not forwarding a number of notifyd
notifications that WebContent cares about when ENABLE_NOTIFY_BLOCKING is on.

Add in those missing notification names and also refactor the way the list of notifications is
handled, since that knowledge is currently distributed across 3 places in the codebase:

 - process-entitlements.sh
 - WebProcessPool::registerNotificationObservers()
 - iOS/macOS WebContentsandbox profile

Ideally these lists would come from some centralized file. But for now, I've at least reorganized
things so it should be easier to keep these lists in sync.

* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
* Source/WebKit/Scripts/process-entitlements.sh:
* Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::registerNotificationObservers):
* Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:

Canonical link: https://commits.webkit.org/279548@main
  • Loading branch information
@bnham
bnham committed May 30, 2024
1 parent 5ea0ef4 commit 957ddb2
Show file tree
Hide file tree
Showing 4 changed files with 201 additions and 86 deletions.
43 changes: 31 additions & 12 deletions Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1459,6 +1459,9 @@
(allow darwin-notification-post
(notification-name
#if ENABLE(NOTIFY_BLOCKING)
;; Keep in sync with notify_entitlements() in process-entitlements.sh.
;; FORWARDED_NOTIFICATIONS
"_NS_ctasd"
"com.apple.CFPreferences._domainsChangedExternally"
"com.apple.WebKit.LibraryPathDiagnostics"
"com.apple.WebKit.deleteAllCode"
Expand All @@ -1475,24 +1478,18 @@
"com.apple.WebKit.showMemoryCache"
"com.apple.WebKit.showPaintOrderTree"
"com.apple.WebKit.showRenderTree"
"com.apple.accessibility.cache.app.ax"
"com.apple.accessibility.cache.ax"
"com.apple.accessibility.cache.enhance.text.legibility"
"com.apple.accessibility.cache.enhance.text.legibilitycom.apple.WebKit.WebContent"
"com.apple.accessibility.cache.guided.access.via.mdm"
"com.apple.accessibility.cache.invert.colors"
"com.apple.accessibility.cache.invert.colorscom.apple.WebKit.WebContent"
"com.apple.accessibility.cache.vot"
"com.apple.accessibility.cache.zoom"
"com.apple.analyticsd.running"
"com.apple.coreaudio.list_components"
"com.apple.distnote.locale_changed"
"com.apple.language.changed"
"com.apple.mediaaccessibility.audibleMediaSettingsChanged"
"com.apple.mediaaccessibility.captionAppearanceSettingsChanged"
"com.apple.mobile.keybagd.lock_status"
"com.apple.mobile.keybagd.user_changed"
"com.apple.mobile.usermanagerd.foregrounduser_changed"
"com.apple.powerlog.state_changed"
"com.apple.system.logging.prefschanged"
"com.apple.system.lowpowermode"
"com.apple.system.networkd.settings"
"com.apple.system.timezone"
"com.apple.webinspectord.automatic_inspection_enabled"
"com.apple.webinspectord.available"
"com.apple.zoomwindow"
"org.WebKit.lowMemory"
Expand All @@ -1501,6 +1498,28 @@
"org.WebKit.memoryWarning"
"org.WebKit.memoryWarning.begin"
"org.WebKit.memoryWarning.end"

;; EMBEDDED_FORWARDED_NOTIFICATIONS
"com.apple.mobile.usermanagerd.foregrounduser_changed"
"com.apple.mobile.keybagd.lock_status"
"com.apple.mobile.keybagd.user_changed"

;; NON_FORWARDED_NOTIFICATIONS
"com.apple.accessibility.cache.app.ax"
"com.apple.accessibility.cache.ax"
"com.apple.accessibility.cache.enhance.text.legibility"
"com.apple.accessibility.cache.enhance.text.legibilitycom.apple.WebKit.WebContent"
"com.apple.accessibility.cache.guided.access"
"com.apple.accessibility.cache.guided.access.via.mdm"
"com.apple.accessibility.cache.hearing.aid.paired"
"com.apple.accessibility.cache.invert.colors"
"com.apple.accessibility.cache.invert.colorscom.apple.WebKit.WebContent"
"com.apple.accessibility.cache.reduce.motion"
"com.apple.accessibility.cache.reduce.motioncom.apple.WebKit.WebContent"
"com.apple.accessibility.cache.speech.settings.disabled.by.mc"
"com.apple.accessibility.cache.switch.control"
"com.apple.accessibility.cache.vot"
"com.apple.accessibility.cache.zoom"
#endif
"_AXNotification_AXSClassicInvertColorsPreference"
"com.apple.WebContentFilter.remoteUI.WebContentAnalysisUI-com.apple.uikit.viewService.connectionRequest"
Expand Down
138 changes: 101 additions & 37 deletions Source/WebKit/Scripts/process-entitlements.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -201,47 +201,111 @@ function notify_entitlements()
then
plistbuddy Add :com.apple.developer.web-browser-engine.restrict.notifyd bool YES
plistbuddy Add :com.apple.private.darwin-notification.introspect array
plistbuddy Add :com.apple.private.darwin-notification.introspect:0 string com.apple.CFPreferences._domainsChangedExternally
plistbuddy Add :com.apple.private.darwin-notification.introspect:1 string com.apple.WebKit.LibraryPathDiagnostics
plistbuddy Add :com.apple.private.darwin-notification.introspect:2 string com.apple.WebKit.deleteAllCode
plistbuddy Add :com.apple.private.darwin-notification.introspect:3 string com.apple.WebKit.fullGC
plistbuddy Add :com.apple.private.darwin-notification.introspect:4 string com.apple.accessibility.cache.app.ax
plistbuddy Add :com.apple.private.darwin-notification.introspect:5 string com.apple.accessibility.cache.ax
plistbuddy Add :com.apple.private.darwin-notification.introspect:6 string com.apple.accessibility.cache.enhance.text.legibility
plistbuddy Add :com.apple.private.darwin-notification.introspect:7 string com.apple.accessibility.cache.enhance.text.legibilitycom.apple.WebKit.WebContent
plistbuddy Add :com.apple.private.darwin-notification.introspect:8 string com.apple.accessibility.cache.guided.access
plistbuddy Add :com.apple.private.darwin-notification.introspect:9 string com.apple.accessibility.cache.guided.access.via.mdm
plistbuddy Add :com.apple.private.darwin-notification.introspect:10 string com.apple.accessibility.cache.hearing.aid.paired
plistbuddy Add :com.apple.private.darwin-notification.introspect:11 string com.apple.accessibility.cache.invert.colors
plistbuddy Add :com.apple.private.darwin-notification.introspect:12 string com.apple.accessibility.cache.invert.colorscom.apple.WebKit.WebContent
plistbuddy Add :com.apple.private.darwin-notification.introspect:13 string com.apple.accessibility.cache.reduce.motion
plistbuddy Add :com.apple.private.darwin-notification.introspect:14 string com.apple.accessibility.cache.reduce.motioncom.apple.WebKit.WebContent
plistbuddy Add :com.apple.private.darwin-notification.introspect:15 string com.apple.accessibility.cache.speech.settings.disabled.by.mc
plistbuddy Add :com.apple.private.darwin-notification.introspect:16 string com.apple.accessibility.cache.switch.control
plistbuddy Add :com.apple.private.darwin-notification.introspect:17 string com.apple.accessibility.cache.vot
plistbuddy Add :com.apple.private.darwin-notification.introspect:18 string com.apple.accessibility.cache.zoom
plistbuddy Add :com.apple.private.darwin-notification.introspect:19 string com.apple.language.changed
plistbuddy Add :com.apple.private.darwin-notification.introspect:20 string com.apple.mediaaccessibility.audibleMediaSettingsChanged
plistbuddy Add :com.apple.private.darwin-notification.introspect:21 string com.apple.mediaaccessibility.captionAppearanceSettingsChanged
plistbuddy Add :com.apple.private.darwin-notification.introspect:22 string com.apple.powerlog.state_changed
plistbuddy Add :com.apple.private.darwin-notification.introspect:23 string com.apple.system.logging.prefschanged
plistbuddy Add :com.apple.private.darwin-notification.introspect:24 string com.apple.system.lowpowermode
plistbuddy Add :com.apple.private.darwin-notification.introspect:25 string com.apple.system.timezone
plistbuddy Add :com.apple.private.darwin-notification.introspect:26 string com.apple.zoomwindow
plistbuddy Add :com.apple.private.darwin-notification.introspect:27 string org.WebKit.lowMemory
plistbuddy Add :com.apple.private.darwin-notification.introspect:28 string org.WebKit.lowMemory.begin

# Keep in sync with the list in WebProcessPool::registerNotificationObservers.
FORWARDED_NOTIFICATIONS=(
"_NS_ctasd"
"com.apple.CFPreferences._domainsChangedExternally"
"com.apple.WebKit.LibraryPathDiagnostics"
"com.apple.WebKit.deleteAllCode"
"com.apple.WebKit.dumpGCHeap"
"com.apple.WebKit.dumpUntrackedMallocs"
"com.apple.WebKit.fullGC"
"com.apple.WebKit.logMemStats"
"com.apple.WebKit.logPageState"
"com.apple.WebKit.showAllDocuments"
"com.apple.WebKit.showBackForwardCache"
"com.apple.WebKit.showGraphicsLayerTree"
"com.apple.WebKit.showLayerTree"
"com.apple.WebKit.showLayoutTree"
"com.apple.WebKit.showMemoryCache"
"com.apple.WebKit.showPaintOrderTree"
"com.apple.WebKit.showRenderTree"
"com.apple.analyticsd.running"
"com.apple.coreaudio.list_components"
"com.apple.distnote.locale_changed"
"com.apple.language.changed"
"com.apple.mediaaccessibility.audibleMediaSettingsChanged"
"com.apple.mediaaccessibility.captionAppearanceSettingsChanged"
"com.apple.powerlog.state_changed"
"com.apple.system.logging.prefschanged"
"com.apple.system.lowpowermode"
"com.apple.system.networkd.settings"
"com.apple.system.timezone"
"com.apple.webinspectord.automatic_inspection_enabled"
"com.apple.webinspectord.available"
"com.apple.zoomwindow"
"org.WebKit.lowMemory"
"org.WebKit.lowMemory.begin"
"org.WebKit.lowMemory.end"
"org.WebKit.memoryWarning"
"org.WebKit.memoryWarning.begin"
"org.WebKit.memoryWarning.end"
)

# Keep in sync with the PLATFORM(MAC) list in WebProcessPool::registerNotificationObservers.
MACOS_FORWARDED_NOTIFICATIONS=(
"com.apple.sessionagent.screenLockUIIsHidden"
"com.apple.sessionagent.screenLockUIIsShowing"
"com.apple.sessionagent.screenLockUIIsShown"
"com.apple.sessionagent.shieldWindowIsShowing"
"com.apple.sessionagent.shieldWindowLowered"
"com.apple.sessionagent.shieldWindowRaised"
"com.apple.system.DirectoryService.InvalidateCache"
"com.apple.system.DirectoryService.InvalidateCache.group"
"com.apple.system.DirectoryService.InvalidateCache.host"
"com.apple.system.DirectoryService.InvalidateCache.service"
"com.apple.system.DirectoryService.InvalidateCache.user"
)

# Keep in sync with the !PLATFORM(MAC) list in WebProcessPool::registerNotificationObservers.
EMBEDDED_FORWARDED_NOTIFICATIONS=(
"com.apple.mobile.usermanagerd.foregrounduser_changed"
"com.apple.mobile.keybagd.lock_status"
"com.apple.mobile.keybagd.user_changed"
)

# WebContent registers for these notifications but they are only posted in-process.
NON_FORWARDED_NOTIFICATIONS=(
"com.apple.accessibility.cache.app.ax"
"com.apple.accessibility.cache.ax"
"com.apple.accessibility.cache.enhance.text.legibility"
"com.apple.accessibility.cache.enhance.text.legibilitycom.apple.WebKit.WebContent"
"com.apple.accessibility.cache.guided.access"
"com.apple.accessibility.cache.guided.access.via.mdm"
"com.apple.accessibility.cache.hearing.aid.paired"
"com.apple.accessibility.cache.invert.colors"
"com.apple.accessibility.cache.invert.colorscom.apple.WebKit.WebContent"
"com.apple.accessibility.cache.reduce.motion"
"com.apple.accessibility.cache.reduce.motioncom.apple.WebKit.WebContent"
"com.apple.accessibility.cache.speech.settings.disabled.by.mc"
"com.apple.accessibility.cache.switch.control"
"com.apple.accessibility.cache.vot"
"com.apple.accessibility.cache.zoom"
)

for NOTIFICATION in ${FORWARDED_NOTIFICATIONS[*]}; do
plistbuddy Add :com.apple.private.darwin-notification.introspect:$NOTIFICATION_INDEX string "$NOTIFICATION"
NOTIFICATION_INDEX=$((NOTIFICATION_INDEX + 1))
done

if [[ "${WK_PLATFORM_NAME}" == macosx ]]
then
plistbuddy Add :com.apple.private.darwin-notification.introspect:29 string com.apple.system.DirectoryService.InvalidateCache
plistbuddy Add :com.apple.private.darwin-notification.introspect:30 string com.apple.system.DirectoryService.InvalidateCache.group
plistbuddy Add :com.apple.private.darwin-notification.introspect:31 string com.apple.system.DirectoryService.InvalidateCache.host
plistbuddy Add :com.apple.private.darwin-notification.introspect:32 string com.apple.system.DirectoryService.InvalidateCache.service
plistbuddy Add :com.apple.private.darwin-notification.introspect:33 string com.apple.system.DirectoryService.InvalidateCache.user
for NOTIFICATION in ${MACOS_FORWARDED_NOTIFICATIONS[*]}; do
plistbuddy Add :com.apple.private.darwin-notification.introspect:$NOTIFICATION_INDEX string "$NOTIFICATION"
NOTIFICATION_INDEX=$((NOTIFICATION_INDEX + 1))
done
else
plistbuddy Add :com.apple.private.darwin-notification.introspect:29 string com.apple.mobile.usermanagerd.foregrounduser_changed
plistbuddy Add :com.apple.private.darwin-notification.introspect:30 string com.apple.mobile.keybagd.lock_status
plistbuddy Add :com.apple.private.darwin-notification.introspect:31 string com.apple.mobile.keybagd.user_changed
for NOTIFICATION in ${EMBEDDED_FORWARDED_NOTIFICATIONS[*]}; do
plistbuddy Add :com.apple.private.darwin-notification.introspect:$NOTIFICATION_INDEX string "$NOTIFICATION"
NOTIFICATION_INDEX=$((NOTIFICATION_INDEX + 1))
done
fi

for NOTIFICATION in ${NON_FORWARDED_NOTIFICATIONS[*]}; do
plistbuddy Add :com.apple.private.darwin-notification.introspect:$NOTIFICATION_INDEX string "$NOTIFICATION"
NOTIFICATION_INDEX=$((NOTIFICATION_INDEX + 1))
done
fi
}

Expand Down
51 changes: 29 additions & 22 deletions Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
View file
Original file line number Diff line number Diff line change
Expand Up @@ -701,6 +701,10 @@ static void logProcessPoolState(const WebProcessPool& pool)

#if ENABLE(NOTIFY_BLOCKING)
const Vector<ASCIILiteral> notificationMessages = {
// Keep in sync with notify_entitlements() in process-entitlements.sh.
// FORWARDED_NOTIFICATIONS
"_NS_ctasd"_s,
"com.apple.CFPreferences._domainsChangedExternally"_s,
"com.apple.WebKit.LibraryPathDiagnostics"_s,
"com.apple.WebKit.deleteAllCode"_s,
"com.apple.WebKit.dumpGCHeap"_s,
Expand All @@ -716,35 +720,18 @@ static void logProcessPoolState(const WebProcessPool& pool)
"com.apple.WebKit.showMemoryCache"_s,
"com.apple.WebKit.showPaintOrderTree"_s,
"com.apple.WebKit.showRenderTree"_s,
"com.apple.CFPreferences._domainsChangedExternally"_s,
"com.apple.accessibility.cache.app.ax"_s,
"com.apple.accessibility.cache.ax"_s,
"com.apple.accessibility.cache.enhance.text.legibility"_s,
"com.apple.accessibility.cache.enhance.text.legibilitycom.apple.WebKit.WebContent"_s,
"com.apple.accessibility.cache.guided.access.via.mdm"_s,
"com.apple.accessibility.cache.invert.colors"_s,
"com.apple.accessibility.cache.invert.colorscom.apple.WebKit.WebContent"_s,
"com.apple.accessibility.cache.vot"_s,
"com.apple.accessibility.cache.zoom"_s,
"com.apple.analyticsd.running"_s,
"com.apple.coreaudio.list_components"_s,
"com.apple.distnote.locale_changed"_s,
"com.apple.language.changed"_s,
"com.apple.mediaaccessibility.audibleMediaSettingsChanged"_s,
"com.apple.mediaaccessibility.captionAppearanceSettingsChanged"_s,
#if !PLATFORM(MAC)
"com.apple.mobile.usermanagerd.foregrounduser_changed"_s,
"com.apple.mobile.keybagd.lock_status"_s,
"com.apple.mobile.keybagd.user_changed"_s,
#endif
"com.apple.powerlog.state_changed"_s,
#if PLATFORM(MAC)
"com.apple.system.DirectoryService.InvalidateCache"_s,
"com.apple.system.DirectoryService.InvalidateCache.group"_s,
"com.apple.system.DirectoryService.InvalidateCache.host"_s,
"com.apple.system.DirectoryService.InvalidateCache.service"_s,
"com.apple.system.DirectoryService.InvalidateCache.user"_s,
#endif
"com.apple.system.logging.prefschanged"_s,
"com.apple.system.lowpowermode"_s,
"com.apple.system.networkd.settings"_s,
"com.apple.system.timezone"_s,
"com.apple.webinspectord.automatic_inspection_enabled"_s,
"com.apple.webinspectord.available"_s,
"com.apple.zoomwindow"_s,
"org.WebKit.lowMemory"_s,
Expand All @@ -753,6 +740,26 @@ static void logProcessPoolState(const WebProcessPool& pool)
"org.WebKit.memoryWarning"_s,
"org.WebKit.memoryWarning.begin"_s,
"org.WebKit.memoryWarning.end"_s,

#if PLATFORM(MAC)
// MACOS_FORWARDED_NOTIFICATIONS
"com.apple.sessionagent.screenLockUIIsHidden"_s,
"com.apple.sessionagent.screenLockUIIsShowing"_s,
"com.apple.sessionagent.screenLockUIIsShown"_s,
"com.apple.sessionagent.shieldWindowIsShowing"_s,
"com.apple.sessionagent.shieldWindowLowered"_s,
"com.apple.sessionagent.shieldWindowRaised"_s,
"com.apple.system.DirectoryService.InvalidateCache"_s,
"com.apple.system.DirectoryService.InvalidateCache.group"_s,
"com.apple.system.DirectoryService.InvalidateCache.host"_s,
"com.apple.system.DirectoryService.InvalidateCache.service"_s,
"com.apple.system.DirectoryService.InvalidateCache.user"_s,
#else
// EMBEDDED_FORWARDED_NOTIFICATIONS
"com.apple.mobile.usermanagerd.foregrounduser_changed"_s,
"com.apple.mobile.keybagd.lock_status"_s,
"com.apple.mobile.keybagd.user_changed"_s,
#endif
};
m_notifyTokens = WTF::compactMap(notificationMessages, [weakThis = WeakPtr { *this }](const ASCIILiteral& message) -> std::optional<int> {
int notifyToken = 0;
Expand Down
Loading

0 comments on commit 957ddb2

Please sign in to comment.