Cherry-pick 272448.472@safari-7618-branch (7fdb5ce). https://bugs.web…

…kit.org/show_bug.cgi?id=267886 Clean up some JSC entitlements. https://bugs.webkit.org/show_bug.cgi?id=267886 rdar://121395716 Reviewed by Justin Michaud, Per Arne Vollan, and Alexey Shvaika. * Source/JavaScriptCore/Scripts/process-entitlements.sh: * Source/JavaScriptCore/jit/ExecutableAllocator.cpp: (JSC::isJITEnabled): (JSC::ExecutableAllocator::disableJIT): * Source/WebKit/Scripts/process-entitlements.sh: Canonical link: https://commits.webkit.org/272448.472@safari-7618-branch Canonical link: https://commits.webkit.org/266719.375@webkitglib/2.42
WebKit · Mar 14, 2024 · cdd65d7 · cdd65d7
1 parent 63709f5
commit cdd65d7
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 14 deletions.
diff --git a/Source/JavaScriptCore/Scripts/process-entitlements.sh b/Source/JavaScriptCore/Scripts/process-entitlements.sh
@@ -93,13 +93,17 @@ function maccatalyst_process_testapi_entitlements()
 
 function ios_family_process_jsc_entitlements()
 {
-    plistbuddy Add :com.apple.private.verified-jit bool YES
-    plistbuddy Add :dynamic-codesigning bool YES
-}
-
-function ios_family_process_testapi_entitlements()
-{
-    ios_family_process_jsc_entitlements
+    if [[ "${WK_PLATFORM_NAME}" != watchos ]]; then
+        plistbuddy Add :com.apple.private.verified-jit bool YES
+        if (( "${WK_PLATFORM_NAME}" == iphoneos && $(( ${SDK_VERSION_ACTUAL} )) >= 170400
+            || "${WK_PLATFORM_NAME}" == appletvos && $(( ${SDK_VERSION_ACTUAL} )) >= 170400
+            || "${WK_PLATFORM_NAME}" == xros && $(( ${SDK_VERSION_ACTUAL} )) >= 10100 ))
+        then
+            plistbuddy Add :com.apple.developer.cs.allow-jit bool YES
+        else
+            plistbuddy Add :dynamic-codesigning bool YES
+        fi
+    fi
 }
 
 rm -f "${WK_PROCESSED_XCENT_FILE}"
@@ -147,13 +151,13 @@ then
     if [[ "${PRODUCT_NAME}" == jsc ||
           "${PRODUCT_NAME}" == dynbench ||
           "${PRODUCT_NAME}" == minidom ||
+          "${PRODUCT_NAME}" == testapi ||
           "${PRODUCT_NAME}" == testair ||
           "${PRODUCT_NAME}" == testb3 ||
           "${PRODUCT_NAME}" == testdfg ||
           "${PRODUCT_NAME}" == testmasm ||
           "${PRODUCT_NAME}" == testmem ||
           "${PRODUCT_NAME}" == testRegExp ]]; then ios_family_process_jsc_entitlements
-    elif [[ "${PRODUCT_NAME}" == testapi ]]; then ios_family_process_testapi_entitlements
     else echo "Unsupported/unknown product: ${PRODUCT_NAME}"
     fi
 else

diff --git a/Source/JavaScriptCore/jit/ExecutableAllocator.cpp b/Source/JavaScriptCore/jit/ExecutableAllocator.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2023 Apple Inc. All rights reserved.
+ * Copyright (C) 2008-2024 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -151,7 +151,7 @@ static bool isJITEnabled()
 {
     bool jitEnabled = !g_jscConfig.jitDisabled;
 #if HAVE(IOS_JIT_RESTRICTIONS)
-    jitEnabled = jitEnabled && processHasEntitlement("dynamic-codesigning"_s);
+    jitEnabled = jitEnabled && (processHasEntitlement("dynamic-codesigning"_s) || processHasEntitlement("com.apple.developer.cs.allow-jit"_s));
 #elif HAVE(MAC_JIT_RESTRICTIONS) && USE(APPLE_INTERNAL_SDK)
     jitEnabled = jitEnabled && processHasEntitlement("com.apple.security.cs.allow-jit"_s);
 #endif
@@ -171,7 +171,7 @@ void ExecutableAllocator::disableJIT()
 
 #if HAVE(IOS_JIT_RESTRICTIONS) || HAVE(MAC_JIT_RESTRICTIONS) && USE(APPLE_INTERNAL_SDK)
 #if HAVE(IOS_JIT_RESTRICTIONS)
-    bool shouldDisableJITMemory = processHasEntitlement("dynamic-codesigning"_s);
+    bool shouldDisableJITMemory = processHasEntitlement("dynamic-codesigning"_s) || processHasEntitlement("com.apple.developer.cs.allow-jit"_s);
 #else
     bool shouldDisableJITMemory = processHasEntitlement("com.apple.security.cs.allow-jit"_s) && !isKernOpenSource();
 #endif

diff --git a/Source/WebKit/Scripts/process-entitlements.sh b/Source/WebKit/Scripts/process-entitlements.sh
@@ -383,10 +383,16 @@ function ios_family_process_webcontent_shared_entitlements()
 
 function ios_family_process_webcontent_entitlements()
 {
-    if [[ "${WK_PLATFORM_NAME}" != watchos ]]
-    then
+    if [[ "${WK_PLATFORM_NAME}" != watchos ]]; then
         plistbuddy Add :com.apple.private.verified-jit bool YES
-        plistbuddy Add :dynamic-codesigning bool YES
+        if (( "${WK_PLATFORM_NAME}" == iphoneos && $(( ${SDK_VERSION_ACTUAL} )) >= 170400
+            || "${WK_PLATFORM_NAME}" == appletvos && $(( ${SDK_VERSION_ACTUAL} )) >= 170400
+            || "${WK_PLATFORM_NAME}" == xros && $(( ${SDK_VERSION_ACTUAL} )) >= 10100 ))
+        then
+            plistbuddy Add :com.apple.developer.cs.allow-jit bool YES
+        else
+            plistbuddy Add :dynamic-codesigning bool YES
+        fi
     fi
 
     ios_family_process_webcontent_shared_entitlements