[webkit-changes] [WebKit/WebKit] 519e45: [iOS 17] Remote inspection should be disabled for ...

Mon Aug 21 21:52:54 PDT 2023

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 519e45961292f33fc820167bb68e57a9903be0d7
      https://github.com/WebKit/WebKit/commit/519e45961292f33fc820167bb68e57a9903be0d7
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2023-08-21 (Mon, 21 Aug 2023)

  Changed paths:
    M Source/WebCore/workers/service/ServiceWorkerTypes.h
    M Source/WebCore/workers/service/context/SWContextManager.cpp
    M Source/WebCore/workers/service/context/SWContextManager.h
    M Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp
    M Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h
    M Source/WebCore/workers/service/server/SWServer.cpp
    M Source/WebCore/workers/service/server/SWServer.h
    M Source/WebCore/workers/service/server/SWServerToContextConnection.h
    M Source/WebKit/NetworkProcess/NetworkProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkProcess.h
    M Source/WebKit/NetworkProcess/NetworkProcess.messages.in
    M Source/WebKit/NetworkProcess/NetworkSession.cpp
    M Source/WebKit/NetworkProcess/NetworkSession.h
    M Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp
    M Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h
    M Source/WebKit/Scripts/webkit/messages.py
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/UIProcess/ProvisionalPageProxy.cpp
    M Source/WebKit/UIProcess/WebPageProxy.cpp
    M Source/WebKit/UIProcess/WebProcessPool.cpp
    M Source/WebKit/UIProcess/WebProcessPool.h
    M Source/WebKit/UIProcess/WebProcessProxy.cpp
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in

  Log Message:
  -----------
  [iOS 17] Remote inspection should be disabled for service workers used only in locked private tabs
https://bugs.webkit.org/show_bug.cgi?id=260400
rdar://108476513

Reviewed by Patrick Angle and Chris Dumez.

Safari 17 introduces the ability to lock tabs in private browsing mode, such that they require some
form of authentication before they're visible to the user. Aside from obscuring the web views, one
of the other (myriad) ways we hide these private tabs is by making them non-web-inspectable, via
`-[WKWebView setInspectable:]`. However, there's currently a corner case where service workers that
are loaded as a part of these locked private browsing tabs will still be inspectable, even if the
page itself is not; this is because service workers are currently _always_ inspectable, regardless
of whether inspection is enabled via web view API.

To address this corner case, we propagate `WKWebView` inspectability over to service workers by
letting a website datastore allow inspection for service workers only if at least one web view using
the data store is inspectable. In practice, because private browsing tabs always use a separate,
ephemeral data stores, making web views in private tabs non-inspectable is equivalent to making any
of their service workers non-inspectable.

At a high level, the inspection state plumbing takes the following route through WebKit:

1.  UI Process
    ↳ `WKWebView`/`WebPageProxy` (source of truth)
      ↳ `WebsiteDataStore`
        ↳ `NetworkProcessProxy`

2.  Network Process
    ↳ `NetworkProcess`
      ↳ `NetworkSession`
        ↳ `SWServer`
          ↳ `WebSWServerToContextConnection`

3.  Web Process
    ↳ `WebSWContextManagerConnection`
      ↳ `SWContextManager`
        ↳ `ServiceWorkerThreadProxy` (final destination)

* Source/WebCore/workers/service/ServiceWorkerTypes.h:

Add a boolean `enum class ServiceWorkerIsInspectable` so that we can use it in `SWServer` and
adjacent code, so that the last argument to `installContextData` isn't just a plain `bool`.

* Source/WebCore/workers/service/context/SWContextManager.cpp:
(WebCore::SWContextManager::setInspectable):

Iterate over all `ServiceWorkerThreadProxy`s and plumb the updated inspectability state over to each
worker.

* Source/WebCore/workers/service/context/SWContextManager.h:
* Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp:

Take the inspectability state from the given `WebCore::Page`, which should now have an inspection
state that's consistent with the associated service worker.

(WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy):
(WebCore::ServiceWorkerThreadProxy::setInspectable):
* Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.h:
* Source/WebCore/workers/service/server/SWServer.cpp:
(WebCore::SWServer::SWServer):
(WebCore::SWServer::contextConnectionCreated):

Plumb initial inspectability state through `SWServer` into the context connection.

(WebCore::SWServer::setInspectable):

Update all context connections when inspectability changes.

* Source/WebCore/workers/service/server/SWServer.h:
* Source/WebCore/workers/service/server/SWServerToContextConnection.h:
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::setInspectionForServiceWorkersAllowed):
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkProcess.messages.in:
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::NetworkSession):
(WebKit::NetworkSession::ensureSWServer):
(WebKit::NetworkSession::setInspectionForServiceWorkersAllowed):
* Source/WebKit/NetworkProcess/NetworkSession.h:
* Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp:
(WebKit::NetworkSessionCreationParameters::encode const):
(WebKit::NetworkSessionCreationParameters::decode):

Add a new flag to `NetworkSession`'s creation parameters to indicate whether or not inspection
should be enabled. This is necessary in the case where we avoided sending any inspectability updates
eagerly, in order to avoid needlessly launching the network process.

* Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h:
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp:
(WebKit::WebSWServerToContextConnection::installServiceWorkerContext):
(WebKit::WebSWServerToContextConnection::setInspectable):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h:
* Source/WebKit/Scripts/webkit/messages.py:
(headers_for_type):
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/UIProcess/ProvisionalPageProxy.cpp:
(WebKit::ProvisionalPageProxy::ProvisionalPageProxy):
(WebKit::ProvisionalPageProxy::~ProvisionalPageProxy):
* Source/WebKit/UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::setInspectable):
* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::pageBeginUsingWebsiteDataStore):
(WebKit::WebProcessPool::pageEndUsingWebsiteDataStore):

Update the data store's set of pages when pages begin or end use; we also adjust these to take
`WebPageProxy&`, so that we can pass them directly into `WebsiteDataStore`.

* Source/WebKit/UIProcess/WebProcessPool.h:
* Source/WebKit/UIProcess/WebProcessProxy.cpp:
(WebKit::WebProcessProxy::addExistingWebPage):
(WebKit::WebProcessProxy::removeWebPage):
* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp:

Maintain state on each data store, that determines whether or not service workers associated with
that data store should allow inspection. To achieve this, we maintain the set of `m_pages` currently
associated with this data store; whenever pages are added or removed, or when a page changes
inspectability, we recompute inspectability state on the data store and update the network session
if it changes.

(WebKit::WebsiteDataStore::parameters):
(WebKit::WebsiteDataStore::updateServiceWorkerInspectability):
(WebKit::WebsiteDataStore::addPage):
(WebKit::WebsiteDataStore::removePage):

Update `m_pages` when `WebPageProxy`s start or stop using the data store.

* Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h:
* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp:
(WebKit::WebSWContextManagerConnection::installServiceWorker):
(WebKit::WebSWContextManagerConnection::setThrottleState):
(WebKit::WebSWContextManagerConnection::setInspectable):

Plumb inspectability state through to `SWContextManager`.

* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h:
* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in:

Canonical link: https://commits.webkit.org/267118@main