daf92e1975
https://bugs.webkit.org/show_bug.cgi?id=228116 <rdar://problem/80693607> Patch by Brent Fulgham. Patch by Kate Cheney <katherine_cheney@apple.com> on 2021-07-29 Reviewed by Per Arne Vollan. Source/WebKit: We should not be using the PAC key to confirm a valid WebContent process is the source of WebAuthn-related messages. Instead, we should confirm the message source is an Apple-signed executable, and that the signining identity is for the WebContent process. * Shared/Cocoa/CodeSigning.h: Renamed from Source/WebKit/Shared/mac/CodeSigning.h. * Shared/Cocoa/CodeSigning.mm: Renamed from Source/WebKit/Shared/mac/CodeSigning.mm. (WebKit::codeSigningIdentifier): (WebKit::codeSigningIdentifierForCurrentProcess): (WebKit::currentProcessIsPlatformBinary): (WebKit::codeSigningIdentifierAndPlatformBinaryStatus): * Shared/Cocoa/XPCEndpoint.mm: (WebKit::XPCEndpoint::XPCEndpoint): * SourcesCocoa.txt: * UIProcess/Cocoa/WebProcessProxyCocoa.mm: (WebKit::WebProcessProxy::messageSourceIsValidWebContentProcess): * UIProcess/WebProcessProxy.cpp: (WebKit::WebProcessProxy::getWebAuthnProcessConnection): * UIProcess/WebProcessProxy.h: * UIProcess/mac/WebProcessProxyMac.mm: * WebKit.xcodeproj/project.pbxproj: Source/WTF: Add new SPI header for code signing features. * WTF.xcodeproj/project.pbxproj: * wtf/spi/cocoa/SecuritySPI.h: * wtf/spi/darwin/CodeSignSPI.h: Added. Canonical link: https://commits.webkit.org/240086@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280451 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
||
|---|---|---|
| .. | ||
| CFXPCBridgeSPI.h | ||
| CrashReporterClientSPI.h | ||
| MachVMSPI.h | ||
| NSLocaleSPI.h | ||
| OSLogSPI.h | ||
| SecuritySPI.h | ||
| objcSPI.h | ||