[webkit-changes] [WebKit/WebKit] 6198c5: enable-font-awesome-lockdown-mode

Vitor Roriz noreply at github.com
Thu Dec 15 13:15:27 PST 2022 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 6198c51976a38d44659e41ca4791de9f763de19a
      https://github.com/WebKit/WebKit/commit/6198c51976a38d44659e41ca4791de9f763de19a
  Author: Vitor Roriz <vitor.roriz at apple.com>
  Date:   2022-12-15 (Thu, 15 Dec 2022)

  Changed paths:
    M Source/WebCore/Headers.cmake
    M Source/WebCore/Sources.txt
    M Source/WebCore/WebCore.xcodeproj/project.pbxproj
    M Source/WebCore/css/CSSFontFace.cpp
    M Source/WebCore/css/FontFace.cpp
    A Source/WebCore/loader/cache/AllowedFonts.cpp
    A Source/WebCore/loader/cache/AllowedFonts.h
    M Source/WebCore/loader/cache/CachedFont.cpp
    M Source/WebCore/loader/cache/CachedFont.h
    M Source/WebCore/page/Quirks.cpp
    M Source/WebCore/page/Settings.yaml
    M Source/WebCore/page/SettingsBase.h
    M Source/WebCore/platform/SharedBuffer.h
    M Source/WebKit/WebProcess/WebPage/WebPage.cpp
    M Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
    A Tools/TestWebKitAPI/Tests/WebKitCocoa/Ahem-10000A.ttf
    A Tools/TestWebKitAPI/Tests/WebKitCocoa/LockdownModeFonts.html
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/LockdownModeFonts.mm

  Log Message:
  -----------
  enable-font-awesome-lockdown-mode
https://bugs.webkit.org/show_bug.cgi?id=248938
rdar://101523138

Reviewed by Brent Fulgham.

* Source/WebCore/Headers.cmake:
* Source/WebCore/Sources.txt:
* Source/WebCore/WebCore.xcodeproj/project.pbxproj:
* Tools/TestWebKitAPI/Tests/WebKitCocoa/Ahem-10000A.ttf: Added.
* Tools/TestWebKitAPI/Tests/WebKitCocoa/LockdownModeFonts.html: Added.
Adding new files: AllowedFonts.cpp and AllowedFonts.h

* Source/WebCore/css/CSSFontFace.cpp:
(WebCore::CSSFontFace::appendSources):
Adjusting allow downloading for modified settings 'DownloadableBinaryFontAllowedTypes'.

* Source/WebCore/css/FontFace.cpp:
(WebCore::FontFace::create):
Adjusting allow downloading for modified settings 'DownloadableBinaryFontAllowedTypes'.

* Source/WebCore/loader/cache/AllowedFonts.cpp: Added.
(WebCore::allowedFontHashesInLockdownMode):
(WebCore::hashForFontData):
(WebCore::isFontBinaryAllowed):
Source/WebCore/loader/cache/AllowedFonts.h: Added.
Contains definition for new enum class used by settings 'DownloadableBinaryFontAllowedTypes'.
Contain hashes for the hard-coded allowed fonts when in restrict mode DownloadableBinaryFontAllowedTypes::Restricted.

* Source/WebCore/loader/cache/CachedFont.cpp:
(WebCore::CachedFont::shouldAllowCustomFont):
(WebCore::CachedFont::finishLoading):
(WebCore::CachedFont::setErrorAndDeleteData):
* Source/WebCore/loader/cache/CachedFont.h:
When font binary is finish loading, we will verify if we should allow custom font depending on the settings DownloadableBinaryFontAllowedTypes.
For DownloadableBinaryFontAllowedTypes::Any, we don't have to check if font can be loaded, any font is allowed.
For DownloadableBinaryFontAllowedTypes::Restricted, only fonts which binary-hash is listed in AllowedFonts.cpp:allowedHashes() will be loaded.
For DownloadableBinaryFontAllowedTypes::None, no font is downloaded or loaded.

When a font doesn't pass the loading test, we will not allow it to be loaded and its data buffer will get deleted.

* Source/WebCore/page/Quirks.cpp:
(WebCore::Quirks::shouldEnableFontLoadingAPIQuirk const):
Adjusting for modified settings 'DownloadableBinaryFontAllowedTypes'.

* Source/WebCore/platform/SharedBuffer.h:
(WebCore::SharedBuffer::dataAsSpanForContiguousData const):
Adding function for returning data as Span if the buffer holds contiguous data. If data is not contiguous it returns a span with size 0.

* Source/WebCore/page/Settings.yaml:
* Source/WebCore/page/SettingsBase.h:
Modifying and renaming the settings 'DownloadableBinaryFontsEnabled' to 'DownloadableBinaryFontAllowedTypes'.
Now, instead of a bool, the settings is represented by a Enum with three values {Any, Restricted, None). See AllowedFonts.h.

* Source/WebKit/UIProcess/API/APIWebsitePolicies.cpp:
(API::WebsitePolicies::lockdownModeEnabled const):
* Source/WebKit/WebProcess/WebPage/WebPage.cpp:
(WebKit::adjustSettingsForLockdownMode):
Adjusting for modified settings 'DownloadableBinaryFontAllowedTypes'. Now, when in lockdown mode, instead of setting 'DownloadableBinaryFontsEnabled' to true,
we set 'DownloadableBinaryFontAllowedTypes' to 'Restricted'. With that, font binaries will still be downloaded while in lockdown mode, but only allowed fonts will be loaded and kept in the system.

* Tools/TestWebKitAPI/Tests/WebKitCocoa/LockdownModeFonts.mm:
(TestWebKitAPI::TEST):
New test cases for loading allowed and not allowed fonts.
Modified FontLoadingApi and split it into two: AllowedFontLoadingApi and NotAllowedFontLoadingApi.
These will test that a allowed and not-allowed buffer can be loaded and lot loaded with the
FontFace font-loading API that utilizes data buffers.

Canonical link: https://commits.webkit.org/257954@main

More information about the webkit-changes mailing list