WebKit Bugzilla
Attachment 370816 Details for
Bug 198318
: Optionally respect device management restrictions when loading from the network
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-198318-20190528175756.patch (text/plain), 36.09 KB, created by
Tim Horton
on 2019-05-28 17:57:57 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Tim Horton
Created:
2019-05-28 17:57:57 PDT
Size:
36.09 KB
patch
obsolete
>Subversion Revision: 245751 >diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog >index c265abdd0eda26e7f1a2d9d4fc4ef12ab5a3c998..43126e6ad7bd2e5ae80ccf3c27ca8eb710d61664 100644 >--- a/Source/WTF/ChangeLog >+++ b/Source/WTF/ChangeLog >@@ -1,3 +1,13 @@ >+2019-05-28 Tim Horton <timothy_horton@apple.com> >+ >+ Optionally respect device management restrictions when loading from the network >+ https://bugs.webkit.org/show_bug.cgi?id=198318 >+ <rdar://problem/44263806> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * wtf/Platform.h: >+ > 2019-05-23 Don Olmstead <don.olmstead@sony.com> > > [CMake] Use target oriented design for bmalloc >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 3dbb5c2a7db7da72c420032b23a5aa181e04cda5..46aed088af8b683bbc973779b9f91d5006cd9401 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,51 @@ >+2019-05-28 Tim Horton <timothy_horton@apple.com> >+ >+ Optionally respect device management restrictions when loading from the network >+ https://bugs.webkit.org/show_bug.cgi?id=198318 >+ <rdar://problem/44263806> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * Configurations/Network-iOS.entitlements: >+ * NetworkProcess/NetworkDataTask.cpp: >+ (WebKit::NetworkDataTask::create): >+ * NetworkProcess/NetworkLoadParameters.h: >+ * NetworkProcess/NetworkResourceLoadParameters.cpp: >+ (WebKit::NetworkResourceLoadParameters::encode const): >+ (WebKit::NetworkResourceLoadParameters::decode): >+ * NetworkProcess/NetworkSessionCreationParameters.cpp: >+ (WebKit::NetworkSessionCreationParameters::privateSessionParameters): >+ (WebKit::NetworkSessionCreationParameters::encode const): >+ (WebKit::NetworkSessionCreationParameters::decode): >+ * NetworkProcess/NetworkSessionCreationParameters.h: >+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.h: >+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: >+ (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa): >+ (WebKit::NetworkDataTaskCocoa::resume): >+ * NetworkProcess/cocoa/NetworkSessionCocoa.h: >+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm: >+ (-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]): >+ (WebKit::NetworkSessionCocoa::NetworkSessionCocoa): >+ (WebKit::NetworkSessionCocoa::deviceManagementPolicyMonitor): >+ * Platform/spi/Cocoa/DeviceManagementSPI.h: Added. >+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: >+ * UIProcess/API/Cocoa/WKWebsiteDataStore.mm: >+ (-[WKWebsiteDataStore _initWithConfiguration:]): >+ * UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h: >+ * UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm: >+ (-[_WKWebsiteDataStoreConfiguration deviceManagementRestrictionsEnabled]): >+ (-[_WKWebsiteDataStoreConfiguration setDeviceManagementRestrictionsEnabled:]): >+ * UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm: >+ (WebKit::WebsiteDataStore::parameters): >+ * UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp: >+ (WebKit::WebsiteDataStoreConfiguration::copy): >+ * UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h: >+ (WebKit::WebsiteDataStoreConfiguration::deviceManagementRestrictionsEnabled const): >+ (WebKit::WebsiteDataStoreConfiguration::setDeviceManagementRestrictionsEnabled): >+ * WebKit.xcodeproj/project.pbxproj: >+ * WebProcess/Network/WebLoaderStrategy.cpp: >+ (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess): >+ > 2019-05-24 Youenn Fablet <youenn@apple.com> > > Update messages_unittest.py after r245715 >diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h >index 447bb18a8f028c29501d3931fb9557a8d53a2607..795f33c57f5a46204e6aa92af73224e4c10a9a35 100644 >--- a/Source/WTF/wtf/Platform.h >+++ b/Source/WTF/wtf/Platform.h >@@ -1547,6 +1547,10 @@ > #define HAVE_ROUTE_SHARING_POLICY_LONG_FORM_VIDEO 1 > #endif > >+#if (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 120000) >+#define HAVE_DEVICE_MANAGEMENT 1 >+#endif >+ > #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MAX_ALLOWED < 101500 > #define USE_REALPATH_FOR_DLOPEN_PREFLIGHT 1 > #endif >diff --git a/Source/WebKit/Configurations/Network-iOS.entitlements b/Source/WebKit/Configurations/Network-iOS.entitlements >index 2ee696638f672e6237da0b7478afe9936b48863a..53dfd56354099ef03091d1d5c594b3f173b28591 100644 >GIT binary patch >delta 244 >zcmX@a@|{U4sURn_xWvHVIwKP^3o9Et2L~4i5X1{;PgZ8swul#yOU}>LODrhJN!2ST >z$}CGPN!80u&CM^WEG|hbDJ_l{5G+njEJ;euDbXz`%1_J8Nd=0@O#CRr950|bc?P4V >z5|E2&MoMmqUO|3NW^!e`fY!u~T4|h|3%TP3q!B8^Q<J<iOZ5CwOUm<$vNQA2Ie~zI >xgF&3Zl_8CxieV<hQHCdsf{a3p!i=Jf#*8M6ri^9`V8Fx(p&10AG?ZdA2LQr*K2rby > >literal 578 >zcma)(-%G<V5XYalzar+niN1++9lA{zj#;oGK4#51L(?WC*VX>_UbljZ!hAixKR$Pt >z&Od6)4iKVo&5U1(OU|Gvoi@#W#-EG(<eJa3X?n4ITokYQig{}yvi$jOvtBTsNO|kM >z1u2)slI5HAQ^6=h%GH)L{*LHxr0lv*s6i!4R}aD{^WZ!L>^BsakU?nFoN7+#KX7QO >zO^Mlbl2*`X6fuU?twn<>R)i{I9}#M5Q87|5EfZ5Y=*fnm1^L_WRbNAcLRp)rvV?fv >z5zIj$2vWPY!6<fZqb(R6y>oAbakg>{sG)X&h!wW~E^Poi7b+25Spg;*EbIy9@5%@Y >ycVIE`fxs+$wWtu(aFt0KF%a^%gTBD-!JyclijM1y8akpJjj23+BbCQrWz$aq0m3u@ > >diff --git a/Source/WebKit/NetworkProcess/NetworkDataTask.cpp b/Source/WebKit/NetworkProcess/NetworkDataTask.cpp >index f1f01115d231aabd7de0ed00c0784f188f09cc54..5c849c692017b83803390b7333a9da9265613360 100644 >--- a/Source/WebKit/NetworkProcess/NetworkDataTask.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkDataTask.cpp >@@ -50,7 +50,7 @@ Ref<NetworkDataTask> NetworkDataTask::create(NetworkSession& session, NetworkDat > { > ASSERT(!parameters.request.url().protocolIsBlob()); > #if PLATFORM(COCOA) >- return NetworkDataTaskCocoa::create(session, client, parameters.request, parameters.webFrameID, parameters.webPageID, parameters.storedCredentialsPolicy, parameters.contentSniffingPolicy, parameters.contentEncodingSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect, parameters.shouldPreconnectOnly, parameters.isMainFrameNavigation, parameters.networkActivityTracker); >+ return NetworkDataTaskCocoa::create(session, client, parameters.request, parameters.webFrameID, parameters.webPageID, parameters.storedCredentialsPolicy, parameters.contentSniffingPolicy, parameters.contentEncodingSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect, parameters.shouldPreconnectOnly, parameters.isMainFrameNavigation, parameters.isMainResourceNavigationForAnyFrame, parameters.networkActivityTracker); > #endif > #if USE(SOUP) > return NetworkDataTaskSoup::create(session, client, parameters.request, parameters.storedCredentialsPolicy, parameters.contentSniffingPolicy, parameters.contentEncodingSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect, parameters.isMainFrameNavigation); >diff --git a/Source/WebKit/NetworkProcess/NetworkLoadParameters.h b/Source/WebKit/NetworkProcess/NetworkLoadParameters.h >index 896399d13325d014a174bf77b4ca636caf2e0c46..9d59a9cf2c31b517bdc5b92b912b3f1f993a1bcc 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoadParameters.h >+++ b/Source/WebKit/NetworkProcess/NetworkLoadParameters.h >@@ -50,6 +50,7 @@ public: > bool shouldClearReferrerOnHTTPSToHTTPRedirect { true }; > bool needsCertificateInfo { false }; > bool isMainFrameNavigation { false }; >+ bool isMainResourceNavigationForAnyFrame { false }; > Vector<RefPtr<WebCore::BlobDataFileReference>> blobFileReferences; > PreconnectOnly shouldPreconnectOnly { PreconnectOnly::No }; > Optional<NetworkActivityTracker> networkActivityTracker; >diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp b/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp >index 58aacb993db98accda6522d9564c9eaa894bda81..a0ac4af2e450455fc94888f4463e68e37f837d6e 100644 >--- a/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp >@@ -78,6 +78,7 @@ void NetworkResourceLoadParameters::encode(IPC::Encoder& encoder) const > encoder << shouldClearReferrerOnHTTPSToHTTPRedirect; > encoder << needsCertificateInfo; > encoder << isMainFrameNavigation; >+ encoder << isMainResourceNavigationForAnyFrame; > encoder << maximumBufferingTime; > > encoder << static_cast<bool>(sourceOrigin); >@@ -166,6 +167,8 @@ bool NetworkResourceLoadParameters::decode(IPC::Decoder& decoder, NetworkResourc > return false; > if (!decoder.decode(result.isMainFrameNavigation)) > return false; >+ if (!decoder.decode(result.isMainResourceNavigationForAnyFrame)) >+ return false; > if (!decoder.decode(result.maximumBufferingTime)) > return false; > >diff --git a/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp b/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp >index 26bf19d9accb993b0af5319b11b275c1e23e4872..054029bb65a4ac0af70427a62f09c4f2b20e550b 100644 >--- a/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp >@@ -50,7 +50,7 @@ NetworkSessionCreationParameters NetworkSessionCreationParameters::privateSessio > #if USE(CURL) > , { }, { } > #endif >- , { }, { }, false, { }, { }, { }, { }, { } >+ , { }, { }, false, { }, { }, { }, { }, { }, { } > }; > } > >@@ -84,7 +84,9 @@ void NetworkSessionCreationParameters::encode(IPC::Encoder& encoder) const > encoder << enableResourceLoadStatisticsDebugMode; > encoder << resourceLoadStatisticsManualPrevalentResource; > >- encoder << localStorageDirectory << localStorageDirectoryExtensionHandle; >+ encoder << localStorageDirectory << localStorageDirectoryExtensionHandle; >+ >+ encoder << deviceManagementRestrictionsEnabled; > } > > Optional<NetworkSessionCreationParameters> NetworkSessionCreationParameters::decode(IPC::Decoder& decoder) >@@ -208,6 +210,11 @@ Optional<NetworkSessionCreationParameters> NetworkSessionCreationParameters::dec > if (!localStorageDirectoryExtensionHandle) > return WTF::nullopt; > >+ Optional<bool> deviceManagementRestrictionsEnabled; >+ decoder >> deviceManagementRestrictionsEnabled; >+ if (!deviceManagementRestrictionsEnabled) >+ return WTF::nullopt; >+ > return {{ > sessionID > , WTFMove(*boundInterfaceIdentifier) >@@ -235,6 +242,7 @@ Optional<NetworkSessionCreationParameters> NetworkSessionCreationParameters::dec > , WTFMove(*enableResourceLoadStatistics) > , WTFMove(*shouldIncludeLocalhostInResourceLoadStatistics) > , WTFMove(*enableResourceLoadStatisticsDebugMode) >+ , WTFMove(*deviceManagementRestrictionsEnabled) > , WTFMove(*resourceLoadStatisticsManualPrevalentResource) > , WTFMove(*localStorageDirectory) > , WTFMove(*localStorageDirectoryExtensionHandle) >diff --git a/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h b/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h >index 6fc07aed24b40a67daf4c176e4f7dbf15b0b70c5..17525fec69ba0c7cb459fff5aeb17bdec73609ed 100644 >--- a/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h >+++ b/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h >@@ -86,6 +86,7 @@ struct NetworkSessionCreationParameters { > bool enableResourceLoadStatistics { false }; > bool shouldIncludeLocalhostInResourceLoadStatistics { true }; > bool enableResourceLoadStatisticsDebugMode { false }; >+ bool deviceManagementRestrictionsEnabled { false }; > WebCore::RegistrableDomain resourceLoadStatisticsManualPrevalentResource { }; > > String localStorageDirectory; >diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h >index 965c6fa664bcd155f76cdb3b4d7326eee03e9188..3fd06501d670ec9bae961d4d29a448c9418ba0fc 100644 >--- a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h >+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h >@@ -42,9 +42,9 @@ class NetworkSessionCocoa; > class NetworkDataTaskCocoa final : public NetworkDataTask { > friend class NetworkSessionCocoa; > public: >- static Ref<NetworkDataTask> create(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& request, uint64_t frameID, uint64_t pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly, bool dataTaskIsForMainFrameNavigation, Optional<NetworkActivityTracker> networkActivityTracker) >+ static Ref<NetworkDataTask> create(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& request, uint64_t frameID, uint64_t pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly, bool dataTaskIsForMainFrameNavigation, bool dataTaskIsForMainResourceNavigationForAnyFrame, Optional<NetworkActivityTracker> networkActivityTracker) > { >- return adoptRef(*new NetworkDataTaskCocoa(session, client, request, frameID, pageID, storedCredentialsPolicy, shouldContentSniff, shouldContentEncodingSniff, shouldClearReferrerOnHTTPSToHTTPRedirect, shouldPreconnectOnly, dataTaskIsForMainFrameNavigation, networkActivityTracker)); >+ return adoptRef(*new NetworkDataTaskCocoa(session, client, request, frameID, pageID, storedCredentialsPolicy, shouldContentSniff, shouldContentEncodingSniff, shouldClearReferrerOnHTTPSToHTTPRedirect, shouldPreconnectOnly, dataTaskIsForMainFrameNavigation, dataTaskIsForMainResourceNavigationForAnyFrame, networkActivityTracker)); > } > > ~NetworkDataTaskCocoa(); >@@ -75,7 +75,7 @@ public: > String description() const override; > > private: >- NetworkDataTaskCocoa(NetworkSession&, NetworkDataTaskClient&, const WebCore::ResourceRequest&, uint64_t frameID, uint64_t pageID, WebCore::StoredCredentialsPolicy, WebCore::ContentSniffingPolicy, WebCore::ContentEncodingSniffingPolicy, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly, bool dataTaskIsForMainFrameNavigation, Optional<NetworkActivityTracker>); >+ NetworkDataTaskCocoa(NetworkSession&, NetworkDataTaskClient&, const WebCore::ResourceRequest&, uint64_t frameID, uint64_t pageID, WebCore::StoredCredentialsPolicy, WebCore::ContentSniffingPolicy, WebCore::ContentEncodingSniffingPolicy, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly, bool dataTaskIsForMainFrameNavigation, bool dataTaskIsForMainResourceNavigationForAnyFrame, Optional<NetworkActivityTracker>); > > bool tryPasswordBasedAuthentication(const WebCore::AuthenticationChallenge&, ChallengeCompletionHandler&); > void applySniffingPoliciesAndBindRequestToInferfaceIfNeeded(__strong NSURLRequest*&, bool shouldContentSniff, bool shouldContentEncodingSniff); >@@ -98,6 +98,10 @@ private: > #if ENABLE(RESOURCE_LOAD_STATISTICS) > bool m_hasBeenSetToUseStatelessCookieStorage { false }; > #endif >+ >+#if HAVE(DEVICE_MANAGEMENT) >+ bool m_isForMainResourceNavigationForAnyFrame { false }; >+#endif > }; > > WebCore::Credential serverTrustCredential(const WebCore::AuthenticationChallenge&); >diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm >index 35e443b9ee918057ad34def068a899bea067adf6..b39da917a0b15015c75d158af4a48831481eeb18 100644 >--- a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm >+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm >@@ -28,6 +28,7 @@ > > #import "AuthenticationChallengeDisposition.h" > #import "AuthenticationManager.h" >+#import "DeviceManagementSPI.h" > #import "Download.h" > #import "DownloadProxyMessages.h" > #import "Logging.h" >@@ -160,10 +161,13 @@ static void updateTaskWithFirstPartyForSameSiteCookies(NSURLSessionDataTask* tas > #endif > } > >-NetworkDataTaskCocoa::NetworkDataTaskCocoa(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials, uint64_t frameID, uint64_t pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly, bool dataTaskIsForMainFrameNavigation, Optional<NetworkActivityTracker> networkActivityTracker) >+NetworkDataTaskCocoa::NetworkDataTaskCocoa(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials, uint64_t frameID, uint64_t pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly, bool dataTaskIsForMainFrameNavigation, bool dataTaskIsForMainResourceNavigationForAnyFrame, Optional<NetworkActivityTracker> networkActivityTracker) > : NetworkDataTask(session, client, requestWithCredentials, storedCredentialsPolicy, shouldClearReferrerOnHTTPSToHTTPRedirect, dataTaskIsForMainFrameNavigation) > , m_frameID(frameID) > , m_pageID(pageID) >+#if HAVE(DEVICE_MANAGEMENT) >+ , m_isForMainResourceNavigationForAnyFrame(dataTaskIsForMainResourceNavigationForAnyFrame) >+#endif > { > if (m_scheduledFailureType != NoFailure) > return; >@@ -489,6 +493,27 @@ void NetworkDataTaskCocoa::resume() > { > if (m_scheduledFailureType != NoFailure) > m_failureTimer.startOneShot(0_s); >+ >+#if HAVE(DEVICE_MANAGEMENT) >+ auto& cocoaSession = static_cast<NetworkSessionCocoa&>(m_session.get()); >+ if (cocoaSession.deviceManagementRestrictionsEnabled() && m_isForMainResourceNavigationForAnyFrame) { >+ RetainPtr<NSURL> urlToCheck = [m_task currentRequest].URL; >+ [cocoaSession.deviceManagementPolicyMonitor() requestPoliciesForWebsites:@[ urlToCheck.get() ] completionHandler:[protectedThis = makeRefPtr(*this), urlToCheck] (NSDictionary<NSURL *, NSNumber *> *policies, NSError *error) { >+ bool isBlocked = error || policies[urlToCheck.get()].integerValue != DMFPolicyOK; >+ callOnMainThread([isBlocked, protectedThis] { >+ if (isBlocked) { >+ protectedThis->scheduleFailure(BlockedFailure); >+ return; >+ } >+ >+ [protectedThis->m_task resume]; >+ }); >+ }]; >+ >+ return; >+ } >+#endif >+ > [m_task resume]; > } > >diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h >index 3d1a49f27325f49675412540057ef110662140b2..1121a34c2ca47cd0a71594a64c4f61b1528529c5 100644 >--- a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h >+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h >@@ -25,6 +25,7 @@ > > #pragma once > >+OBJC_CLASS DMFWebsitePolicyMonitor; > OBJC_CLASS NSData; > OBJC_CLASS NSURLSession; > OBJC_CLASS NSURLSessionDownloadTask; >@@ -69,6 +70,11 @@ public: > > void continueDidReceiveChallenge(const WebCore::AuthenticationChallenge&, NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*, CompletionHandler<void(WebKit::AuthenticationChallengeDisposition, const WebCore::Credential&)>&&); > >+#if HAVE(DEVICE_MANAGEMENT) >+ bool deviceManagementRestrictionsEnabled() const { return m_deviceManagementRestrictionsEnabled; } >+ DMFWebsitePolicyMonitor *deviceManagementPolicyMonitor(); >+#endif >+ > private: > NetworkSessionCocoa(NetworkProcess&, NetworkSessionCreationParameters&&); > >@@ -93,6 +99,10 @@ private: > String m_sourceApplicationBundleIdentifier; > String m_sourceApplicationSecondaryIdentifier; > RetainPtr<CFDictionaryRef> m_proxyConfiguration; >+#if HAVE(DEVICE_MANAGEMENT) >+ RetainPtr<DMFWebsitePolicyMonitor> m_deviceManagementPolicyMonitor; >+ bool m_deviceManagementRestrictionsEnabled { false }; >+#endif > bool m_shouldLogCookieInformation { false }; > Seconds m_loadThrottleLatency; > }; >diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm >index c4ca391df7eb819a686dbbcf01fbcd647cee71db..3da626e4cf084af89731df511ee6f4c9dcb94ebf 100644 >--- a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm >+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm >@@ -29,6 +29,7 @@ > #import "AuthenticationChallengeDisposition.h" > #import "AuthenticationManager.h" > #import "DataReference.h" >+#import "DeviceManagementSPI.h" > #import "Download.h" > #import "LegacyCustomProtocolManager.h" > #import "Logging.h" >@@ -51,6 +52,7 @@ > #import <wtf/NeverDestroyed.h> > #import <wtf/ObjCRuntimeExtras.h> > #import <wtf/ProcessPrivilege.h> >+#import <wtf/SoftLinking.h> > #import <wtf/URL.h> > #import <wtf/text/WTFString.h> > >@@ -58,6 +60,11 @@ > #include <WebKitAdditions/NetworkSessionCocoaAdditions.h> > #endif > >+#if HAVE(DEVICE_MANAGEMENT) >+SOFT_LINK_PRIVATE_FRAMEWORK(DeviceManagement); >+SOFT_LINK_CLASS(DeviceManagement, DMFWebsitePolicyMonitor); >+#endif >+ > using namespace WebKit; > > CFStringRef const WebKit2HTTPProxyDefaultsKey = static_cast<CFStringRef>(@"WebKit2HTTPProxy"); >@@ -713,7 +720,7 @@ - (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)data > ASSERT(RunLoop::isMain()); > > // Avoid MIME type sniffing if the response comes back as 304 Not Modified. >- int statusCode = [response respondsToSelector:@selector(statusCode)] ? [(id)response statusCode] : 0; >+ int statusCode = [response isKindOfClass:NSHTTPURLResponse.class] ? [(NSHTTPURLResponse *)response statusCode] : 0; > if (statusCode != 304) { > bool isMainResourceLoad = networkDataTask->firstRequest().requester() == WebCore::ResourceRequest::Requester::Main; > WebCore::adjustMIMETypeIfNecessary(response._CFURLResponse, isMainResourceLoad); >@@ -981,6 +988,8 @@ NetworkSessionCocoa::NetworkSessionCocoa(NetworkProcess& networkProcess, Network > m_statelessSessionDelegate = adoptNS([[WKNetworkSessionDelegate alloc] initWithNetworkSession:*this withCredentials:false]); > m_statelessSession = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_statelessSessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]]; > >+ m_deviceManagementRestrictionsEnabled = parameters.deviceManagementRestrictionsEnabled; >+ > #if ENABLE(RESOURCE_LOAD_STATISTICS) > m_resourceLoadStatisticsDirectory = parameters.resourceLoadStatisticsDirectory; > m_shouldIncludeLocalhostInResourceLoadStatistics = parameters.shouldIncludeLocalhostInResourceLoadStatistics ? ShouldIncludeLocalhost::Yes : ShouldIncludeLocalhost::No; >@@ -1167,4 +1176,14 @@ void NetworkSessionCocoa::continueDidReceiveChallenge(const WebCore::Authenticat > networkDataTask->didReceiveChallenge(WTFMove(authenticationChallenge), WTFMove(challengeCompletionHandler)); > } > >+#if HAVE(DEVICE_MANAGEMENT) >+DMFWebsitePolicyMonitor *NetworkSessionCocoa::deviceManagementPolicyMonitor() >+{ >+ ASSERT(m_deviceManagementRestrictionsEnabled); >+ if (!m_deviceManagementPolicyMonitor) >+ m_deviceManagementPolicyMonitor = adoptNS([allocDMFWebsitePolicyMonitorInstance() initWithPolicyChangeHandler:nil]); >+ return m_deviceManagementPolicyMonitor.get(); >+} >+#endif >+ > } >diff --git a/Source/WebKit/Platform/spi/Cocoa/DeviceManagementSPI.h b/Source/WebKit/Platform/spi/Cocoa/DeviceManagementSPI.h >new file mode 100644 >index 0000000000000000000000000000000000000000..08cc494eda412cb652f15ad0c0fbda5ef5642d1f >--- /dev/null >+++ b/Source/WebKit/Platform/spi/Cocoa/DeviceManagementSPI.h >@@ -0,0 +1,49 @@ >+/* >+ * Copyright (C) 2019 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#pragma once >+ >+#if HAVE(DEVICE_MANAGEMENT) >+ >+#if USE(APPLE_INTERNAL_SDK) >+ >+#import <DeviceManagement/DeviceManagement.h> >+ >+#else >+ >+@interface DMFWebsitePolicyMonitor : NSObject >+ >+- (instancetype)initWithPolicyChangeHandler:(DMFPolicyChangeHandler)changeHandler; >+- (void)requestPoliciesForWebsites:(NSArray<NSURL *> *)websiteURLs completionHandler:(void (^)(NSDictionary<NSURL *, NSNumber *> *policies, NSError *error))completionHandler; >+ >+@end >+ >+typedef NS_ENUM(NSInteger, DMFPolicy) { >+ DMFPolicyOK = 0, >+}; >+ >+#endif // USE(APPLE_INTERNAL_SDK) >+ >+#endif // HAVE(DEVICE_MANAGEMENT) >diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb >index da60b1bbfe2c960c0ab88e32b82a02d57007052a..80716ec64348bfb448ede6762d4c0dd9c19cdf7f 100644 >--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb >+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb >@@ -82,6 +82,11 @@ > (global-name "com.apple.passd.in-app-payment") > (global-name "com.apple.passd.library")) > >+(allow mach-lookup >+ (global-name "com.apple.dmd.policy") >+ (global-name "com.apple.siri.context.service") >+ (global-name "com.apple.ctcategories.service")) >+ > (deny file-write-create > (vnode-type SYMLINK)) > >diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm b/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm >index 26298ebcec5774e340661ea9fb1a4b28ea50a343..8e754c4386f778b28dd8ef74ff356564aef56def 100644 >--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm >+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm >@@ -253,6 +253,7 @@ - (instancetype)_initWithConfiguration:(_WKWebsiteDataStoreConfiguration *)confi > config->setHTTPProxy(configuration.httpProxy); > if (configuration.httpsProxy) > config->setHTTPSProxy(configuration.httpsProxy); >+ config->setDeviceManagementRestrictionsEnabled(configuration.deviceManagementRestrictionsEnabled); > > API::Object::constructInWrapper<API::WebsiteDataStore>(self, WTFMove(config), PAL::SessionID::generatePersistentSessionID()); > >diff --git a/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h b/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h >index 59f984e487adf3f042d96737a9b47da79e22d3b0..cebf2d6170616487fd89a5df5b9fbf74427eebbc 100644 >--- a/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h >+++ b/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h >@@ -43,6 +43,7 @@ WK_CLASS_AVAILABLE(macos(10.13), ios(11.0)) > @property (nonatomic, nullable, copy) NSString *sourceApplicationSecondaryIdentifier WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); > @property (nonatomic, nullable, copy, setter=setHTTPProxy:) NSURL *httpProxy WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); > @property (nonatomic, nullable, copy, setter=setHTTPSProxy:) NSURL *httpsProxy WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); >+@property (nonatomic) BOOL deviceManagementRestrictionsEnabled WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); > > @end > >diff --git a/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm b/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm >index 2a0510ec89f5eab81c53f27e2e0d0036f60ba029..856ec6880cf6e7cab5577841b9974211fac04de1 100644 >--- a/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm >+++ b/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm >@@ -156,6 +156,16 @@ - (void)setSourceApplicationSecondaryIdentifier:(NSString *)identifier > _configuration->setSourceApplicationSecondaryIdentifier(identifier); > } > >+- (BOOL)deviceManagementRestrictionsEnabled >+{ >+ return _configuration->deviceManagementRestrictionsEnabled(); >+} >+ >+- (void)setDeviceManagementRestrictionsEnabled:(BOOL)enabled >+{ >+ _configuration->setDeviceManagementRestrictionsEnabled(enabled); >+} >+ > - (API::Object&)_apiObject > { > return *_configuration; >diff --git a/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm b/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm >index 05425c0751e238ee19259b3d0254f0691ca347da..326ffae70c15fbcf5ad77fba52918e5eadd8fe92 100644 >--- a/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm >+++ b/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm >@@ -131,6 +131,7 @@ WebsiteDataStoreParameters WebsiteDataStore::parameters() > false, > shouldIncludeLocalhostInResourceLoadStatistics, > enableResourceLoadStatisticsDebugMode, >+ m_configuration->deviceManagementRestrictionsEnabled(), > WTFMove(resourceLoadStatisticsManualPrevalentResource), > WTFMove(localStorageDirectory), > WTFMove(localStorageDirectoryExtensionHandle) >diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp >index 99f57e4ae3a4e1437b54b25250f7217a3120a2ee..9719e3eb5d316c7d3d929d8ae220f7988c4c1e8c 100644 >--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp >+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp >@@ -59,6 +59,7 @@ Ref<WebsiteDataStoreConfiguration> WebsiteDataStoreConfiguration::copy() > copy->m_sourceApplicationSecondaryIdentifier = this->m_sourceApplicationSecondaryIdentifier; > copy->m_httpProxy = this->m_httpProxy; > copy->m_httpsProxy = this->m_httpsProxy; >+ copy->m_deviceManagementRestrictionsEnabled = this->m_deviceManagementRestrictionsEnabled; > > return copy; > } >diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h >index df17adc5e4d32d021558e6494a3e369787f59f70..85a13c672aa410364f271fb1e40fcc16ea174d6e 100644 >--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h >+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h >@@ -98,6 +98,9 @@ public: > const URL& httpsProxy() const { return m_httpsProxy; } > void setHTTPSProxy(URL&& proxy) { m_httpsProxy = WTFMove(proxy); } > >+ bool deviceManagementRestrictionsEnabled() const { return m_deviceManagementRestrictionsEnabled; } >+ void setDeviceManagementRestrictionsEnabled(bool enabled) { m_deviceManagementRestrictionsEnabled = enabled; } >+ > private: > WebsiteDataStoreConfiguration(); > >@@ -121,6 +124,7 @@ private: > String m_sourceApplicationSecondaryIdentifier; > URL m_httpProxy; > URL m_httpsProxy; >+ bool m_deviceManagementRestrictionsEnabled { false }; > }; > > } >diff --git a/Source/WebKit/WebKit.xcodeproj/project.pbxproj b/Source/WebKit/WebKit.xcodeproj/project.pbxproj >index ddb3a3000caef7235c2646cd0f4048cbceb560a2..8fab0701c2890bce0a03f19d9c4a6cab51baa126 100644 >--- a/Source/WebKit/WebKit.xcodeproj/project.pbxproj >+++ b/Source/WebKit/WebKit.xcodeproj/project.pbxproj >@@ -702,6 +702,7 @@ > 2DA6731A20C754B1003CB401 /* DynamicViewportSizeUpdate.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DA6731920C754B1003CB401 /* DynamicViewportSizeUpdate.h */; }; > 2DA944A01884E4F000ED86DB /* WebIOSEventFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DA944991884E4F000ED86DB /* WebIOSEventFactory.h */; }; > 2DA944A41884E4F000ED86DB /* GestureTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DA9449D1884E4F000ED86DB /* GestureTypes.h */; }; >+ 2DAADA8F2298C21000E36B0C /* DeviceManagementSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DAADA8E2298C21000E36B0C /* DeviceManagementSPI.h */; }; > 2DABA7721A817B1700EF0F1A /* WKPageRenderingProgressEventsInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DABA7711A817B1700EF0F1A /* WKPageRenderingProgressEventsInternal.h */; }; > 2DABA7741A817EE600EF0F1A /* WKPluginLoadPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DABA7731A817EE600EF0F1A /* WKPluginLoadPolicy.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 2DABA7761A82B42100EF0F1A /* APIHistoryClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DABA7751A82B42100EF0F1A /* APIHistoryClient.h */; }; >@@ -2798,6 +2799,7 @@ > 2DA944AC1884E9BA00ED86DB /* WebProcessProxyIOS.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = WebProcessProxyIOS.mm; path = ios/WebProcessProxyIOS.mm; sourceTree = "<group>"; }; > 2DA944B61884EA3500ED86DB /* WebPageIOS.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = WebPageIOS.mm; path = ios/WebPageIOS.mm; sourceTree = "<group>"; }; > 2DA944BC188511E700ED86DB /* NetworkProcessIOS.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = NetworkProcessIOS.mm; sourceTree = "<group>"; }; >+ 2DAADA8E2298C21000E36B0C /* DeviceManagementSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DeviceManagementSPI.h; sourceTree = "<group>"; }; > 2DABA7711A817B1700EF0F1A /* WKPageRenderingProgressEventsInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKPageRenderingProgressEventsInternal.h; sourceTree = "<group>"; }; > 2DABA7731A817EE600EF0F1A /* WKPluginLoadPolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKPluginLoadPolicy.h; sourceTree = "<group>"; }; > 2DABA7751A82B42100EF0F1A /* APIHistoryClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIHistoryClient.h; sourceTree = "<group>"; }; >@@ -6105,6 +6107,7 @@ > 37C21CAD1E994C0C0029D5F9 /* CorePredictionSPI.h */, > A1FB68261F6E51C100C43F9F /* CrashReporterClientSPI.h */, > 57DCEDAA214B9B430016B847 /* DeviceIdentitySPI.h */, >+ 2DAADA8E2298C21000E36B0C /* DeviceManagementSPI.h */, > 3754D5441B3A29FD003A4C7F /* NSInvocationSPI.h */, > 37B47E2C1D64DB76005F4EFF /* objcSPI.h */, > 0E97D74C200E8FF300BF6643 /* SafeBrowsingSPI.h */, >@@ -9223,6 +9226,7 @@ > BC032DA610F437D10058C15A /* Decoder.h in Headers */, > 57DCEDAB214C60090016B847 /* DeviceIdentitySPI.h in Headers */, > 07297F9F1C17BBEA015F0735 /* DeviceIdHashSaltStorage.h in Headers */, >+ 2DAADA8F2298C21000E36B0C /* DeviceManagementSPI.h in Headers */, > 83891B6C1A68C30B0030F386 /* DiagnosticLoggingClient.h in Headers */, > C18173612058424700DFDA65 /* DisplayLink.h in Headers */, > 5C1427021C23F84C00D41183 /* Download.h in Headers */, >diff --git a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >index 04ae0e45d5e9d29ca0f270a06418a6ab2d501fcb..05f3f0e47cb9cb8b1537bee81c29a906504c8814 100644 >--- a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >+++ b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >@@ -335,6 +335,8 @@ void WebLoaderStrategy::scheduleLoadFromNetworkProcess(ResourceLoader& resourceL > > loadParameters.isMainFrameNavigation = resourceLoader.frame() && resourceLoader.frame()->isMainFrame() && resourceLoader.options().mode == FetchOptions::Mode::Navigate; > >+ loadParameters.isMainResourceNavigationForAnyFrame = resourceLoader.frame() && resourceLoader.options().mode == FetchOptions::Mode::Navigate; >+ > loadParameters.shouldEnableCrossOriginResourcePolicy = RuntimeEnabledFeatures::sharedFeatures().crossOriginResourcePolicyEnabled() && !loadParameters.isMainFrameNavigation; > > if (resourceLoader.options().mode == FetchOptions::Mode::Navigate) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=370816">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 198318
:
370816
|
370880
|
370904
|
370977
|
371010
|
371016
|
371074
|
371075