Skip to content
Permalink
Browse files
[WebRTC][WebKit2] Support expanding the sandbox to allow microphone a…
…ccess at process launch

https://bugs.webkit.org/show_bug.cgi?id=167669
<rdar://problem/29974333>

Reviewed by Alexey Proskuryakov.

This change implements a temporary workaround to <rdar://problem/29448368> to allow us to do live
testing of WebRTC microphone access. It should be removed when that underlying bug is fixed.

This change adds a new process creation parameter that indicates whether we wish to expand the
sandbox to allow microphone access.

Tested by WebRTC suite (part of another set of bugs).

* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode): Serialize the audio access entitlement handle.
(WebKit::WebProcessCreationParameters::decode): Ditto.
* Shared/WebProcessCreationParameters.h:
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::createNewWebProcess): Create an entitlement handle and pass along to
the child process.
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess): If an audio entitlement (for the microphone)
was desired, expand the sandbox to include access.


Canonical link: https://commits.webkit.org/184709@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@211470 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
brentfulgham committed Feb 1, 2017
1 parent eacd191 commit 9f770fde25d1b378270bdada773d121a8c3a5bcd
@@ -1,3 +1,30 @@
2017-01-31 Brent Fulgham <bfulgham@apple.com>

[WebRTC][WebKit2] Support expanding the sandbox to allow microphone access at process launch
https://bugs.webkit.org/show_bug.cgi?id=167669
<rdar://problem/29974333>

Reviewed by Alexey Proskuryakov.

This change implements a temporary workaround to <rdar://problem/29448368> to allow us to do live
testing of WebRTC microphone access. It should be removed when that underlying bug is fixed.

This change adds a new process creation parameter that indicates whether we wish to expand the
sandbox to allow microphone access.

Tested by WebRTC suite (part of another set of bugs).

* Shared/WebProcessCreationParameters.cpp:
(WebKit::WebProcessCreationParameters::encode): Serialize the audio access entitlement handle.
(WebKit::WebProcessCreationParameters::decode): Ditto.
* Shared/WebProcessCreationParameters.h:
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::createNewWebProcess): Create an entitlement handle and pass along to
the child process.
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess): If an audio entitlement (for the microphone)
was desired, expand the sandbox to include access.

2017-01-31 Tim Horton <timothy_horton@apple.com>

Fix the build.
@@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2016 Apple Inc. All rights reserved.
* Copyright (C) 2010-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -78,6 +78,9 @@ void WebProcessCreationParameters::encode(IPC::Encoder& encoder) const
#endif
encoder << mediaKeyStorageDirectory;
encoder << mediaKeyStorageDirectoryExtensionHandle;
#if ENABLE(MEDIA_STREAM)
encoder << audioCaptureExtensionHandle;
#endif
encoder << shouldUseTestingNetworkSession;
encoder << urlSchemesRegisteredAsEmptyDocument;
encoder << urlSchemesRegisteredAsSecure;
@@ -194,6 +197,10 @@ bool WebProcessCreationParameters::decode(IPC::Decoder& decoder, WebProcessCreat
return false;
if (!decoder.decode(parameters.mediaKeyStorageDirectoryExtensionHandle))
return false;
#if ENABLE(MEDIA_STREAM)
if (!decoder.decode(parameters.audioCaptureExtensionHandle))
return false;
#endif
if (!decoder.decode(parameters.shouldUseTestingNetworkSession))
return false;
if (!decoder.decode(parameters.urlSchemesRegisteredAsEmptyDocument))
@@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2016 Apple Inc. All rights reserved.
* Copyright (C) 2010-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -84,6 +84,9 @@ struct WebProcessCreationParameters {
SandboxExtension::Handle containerTemporaryDirectoryExtensionHandle;
#endif
SandboxExtension::Handle mediaKeyStorageDirectoryExtensionHandle;
#if ENABLE(MEDIA_STREAM)
SandboxExtension::Handle audioCaptureExtensionHandle;
#endif
String mediaKeyStorageDirectory;

bool shouldUseTestingNetworkSession;
@@ -1,5 +1,5 @@
/*
* Copyright (C) 2010-2016 Apple Inc. All rights reserved.
* Copyright (C) 2010-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -61,6 +61,7 @@
#include "WebNotificationManagerProxy.h"
#include "WebPageGroup.h"
#include "WebPreferences.h"
#include "WebPreferencesKeys.h"
#include "WebProcessCreationParameters.h"
#include "WebProcessMessages.h"
#include "WebProcessPoolMessages.h"
@@ -71,6 +72,7 @@
#include <WebCore/LinkHash.h>
#include <WebCore/LogInitialization.h>
#include <WebCore/ResourceRequest.h>
#include <WebCore/RuntimeEnabledFeatures.h>
#include <WebCore/SessionID.h>
#include <WebCore/URLParser.h>
#include <runtime/JSCInlines.h>
@@ -574,6 +576,12 @@ WebProcessProxy& WebProcessPool::createNewWebProcess()
if (!parameters.mediaKeyStorageDirectory.isEmpty())
SandboxExtension::createHandleWithoutResolvingPath(parameters.mediaKeyStorageDirectory, SandboxExtension::ReadWrite, parameters.mediaKeyStorageDirectoryExtensionHandle);

#if ENABLE(MEDIA_STREAM)
// FIXME: Remove this and related parameter when <rdar://problem/29448368> is fixed.
if (RuntimeEnabledFeatures::sharedFeatures().mediaStreamEnabled())
SandboxExtension::createHandleForGenericExtension("com.apple.webkit.microphone", parameters.audioCaptureExtensionHandle);
#endif

parameters.shouldUseTestingNetworkSession = m_shouldUseTestingNetworkSession;

parameters.cacheModel = cacheModel();
@@ -794,8 +802,12 @@ Ref<WebPageProxy> WebProcessPool::createWebPage(PageClient& pageClient, Ref<API:
} else if (pageConfiguration->relatedPage()) {
// Sharing processes, e.g. when creating the page via window.open().
process = &pageConfiguration->relatedPage()->process();
} else
} else {
#if ENABLE(MEDIA_STREAM)
RuntimeEnabledFeatures::sharedFeatures().setMediaStreamEnabled(pageConfiguration->preferences()->store().getBoolValueForKey(WebPreferencesKey::mediaStreamEnabledKey()));
#endif
process = &createNewWebProcessRespectingProcessCountLimit();
}

return process->createWebPage(pageClient, WTFMove(pageConfiguration));
}
@@ -1,5 +1,5 @@
/*
* Copyright (C) 2010 Apple Inc. All rights reserved.
* Copyright (C) 2010-2017 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -99,6 +99,9 @@ static id NSApplicationAccessibilityFocusedUIElement(NSApplication*, SEL)
SandboxExtension::consumePermanently(parameters.applicationCacheDirectoryExtensionHandle);
SandboxExtension::consumePermanently(parameters.mediaCacheDirectoryExtensionHandle);
SandboxExtension::consumePermanently(parameters.mediaKeyStorageDirectoryExtensionHandle);
#if ENABLE(MEDIA_STREAM)
SandboxExtension::consumePermanently(parameters.audioCaptureExtensionHandle);
#endif
#if PLATFORM(IOS)
SandboxExtension::consumePermanently(parameters.cookieStorageDirectoryExtensionHandle);
SandboxExtension::consumePermanently(parameters.containerCachesDirectoryExtensionHandle);

0 comments on commit 9f770fd

Please sign in to comment.