-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[Private Browsing] Noise injection doesn't apply when using Offscreen…
…Canvas in shared/service workers https://bugs.webkit.org/show_bug.cgi?id=271159 rdar://124702163 Reviewed by Sihui Liu and Chris Dumez. In Private Browsing mode in Safari 17, each `ScriptExecutionContext` has a noise injection hash salt (unique by security origin) and `AdvancedPrivacyProtections` flags, sourced from the document loader. These are used to generate noise when reading pixels back from `canvas` or `OffscreenCanvas`. For dedicated workers, plumbing already exists to propagate the hash salt via `WorkerParameters` to `WorkerGlobalScope`, where they apply to `OffscreenCanvas`. However, for both shared workers and service workers, this is insufficient, since the `OffscreenCanvas` APIs are called in a separate, potentially-remote `Page` (which currently has neither a hash salt nor the requisite `AdvancedPrivacyProtections` flags). To fix this, we extend `AdvancedPrivacyProtection` flag plumbing to work for these two remaining types of workers; see below for more details. Test: AdvancedPrivacyProtections.NoiseInjectionForOffscreenCanvasInSharedWorker * Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp: (WebCore::generateWorkletParameters): * Source/WebCore/dom/Document.cpp: (WebCore::Document::noiseInjectionPolicy const): (WebCore::Document::advancedPrivacyProtections const): * Source/WebCore/dom/Document.h: * Source/WebCore/dom/EmptyScriptExecutionContext.h: * Source/WebCore/dom/ScriptExecutionContext.h: Add an override point to return the set of active advanced privacy protection flags. For `Document`, this goes through the top document's loader. For worklets and workers, this state is passed in via `WorkerParameters` and `WorkletParameters`. * Source/WebCore/page/Page.cpp: (WebCore::Page::setupForRemoteWorker): Allow shared/service workers to pass in privacy protections when initializing the remote `Page`. * Source/WebCore/page/Page.h: * Source/WebCore/workers/Worker.cpp: (WebCore::Worker::notifyFinished): * Source/WebCore/workers/WorkerGlobalScope.cpp: (WebCore::WorkerGlobalScope::WorkerGlobalScope): * Source/WebCore/workers/WorkerInitializationData.h: (WebCore::WorkerInitializationData::isolatedCopy const): * Source/WebCore/workers/WorkerMessagingProxy.cpp: (WebCore::WorkerMessagingProxy::startWorkerGlobalScope): * Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp: (WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope): * Source/WebCore/workers/WorkerOrWorkletGlobalScope.h: (WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope): * Source/WebCore/workers/WorkerScriptLoader.cpp: (WebCore::WorkerScriptLoader::loadSynchronously): (WebCore::WorkerScriptLoader::loadAsynchronously): * Source/WebCore/workers/WorkerScriptLoader.h: (WebCore::WorkerScriptLoader::advancedPrivacyProtections const): Add a member as well as a getter to keep track of the active privacy protections for the currently loading (or loaded) worker. Later consulted in `SharedWorkerScriptLoader` to plumb the protection options into `WorkerInitializationData`, when spinning up shared workers. * Source/WebCore/workers/WorkerThread.cpp: (WebCore::WorkerParameters::isolatedCopy const): * Source/WebCore/workers/WorkerThread.h: * Source/WebCore/workers/service/ServiceWorkerClientData.cpp: (WebCore::ServiceWorkerClientData::isolatedCopy const): (WebCore::ServiceWorkerClientData::isolatedCopy): (WebCore::ServiceWorkerClientData::from): * Source/WebCore/workers/service/ServiceWorkerClientData.h: * Source/WebCore/workers/service/context/ServiceWorkerThread.cpp: (WebCore::generateWorkerParameters): (WebCore::ServiceWorkerThread::ServiceWorkerThread): * Source/WebCore/workers/service/context/ServiceWorkerThread.h: * Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp: (WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy): * Source/WebCore/workers/service/server/SWServer.cpp: (WebCore::forEachClientForOriginImpl): (WebCore::SWServer::forEachClientForOrigin const): (WebCore::SWServer::forEachClientForOrigin): (WebCore::SWServer::advancedPrivacyProtectionsFromClient const): When installing a new service worker, consult the set of matching clients (by client origin), to check if any clients of the service worker have active privacy protections; pass along the union of these active policies when installing the service worker. (WebCore::SWServer::installContextData): Pass in `AdvancedPrivacyProtections` when spinning up a new service worker. (WebCore::SWServer::runServiceWorker): * Source/WebCore/workers/service/server/SWServer.h: * Source/WebCore/workers/service/server/SWServerToContextConnection.h: * Source/WebCore/workers/shared/SharedWorkerScriptLoader.cpp: (WebCore::SharedWorkerScriptLoader::notifyFinished): * Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp: (WebCore::generateWorkerParameters): * Source/WebCore/worklets/WorkletGlobalScope.cpp: (WebCore::WorkletGlobalScope::WorkletGlobalScope): * Source/WebCore/worklets/WorkletParameters.h: (WebCore::WorkletParameters::isolatedCopy const): (WebCore::WorkletParameters::isolatedCopy): * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp: (WebKit::WebSWServerConnection::controlClient): * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp: (WebKit::WebSWServerToContextConnection::installServiceWorkerContext): * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h: * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in: * Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp: (WebKit::WebSWContextManagerConnection::installServiceWorker): Call `setupForRemoteWorker` with the privacy protection flags. * Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h: * Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in: * Source/WebKit/WebProcess/Storage/WebSharedWorkerContextManagerConnection.cpp: (WebKit::WebSharedWorkerContextManagerConnection::launchSharedWorker): Call `setupForRemoteWorker` with the privacy protection flags. * Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm: (TestWebKitAPI::sharedWorkerMainBytes): Add a new API test. Originally-landed-as: 272448.764@safari-7618-branch (e285de6). rdar://128550109 Canonical link: https://commits.webkit.org/279267@main
- Loading branch information
1 parent
4aea4a2
commit c33df2d
Showing
38 changed files
with
215 additions
and
41 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.