[webkit-changes] [WebKit/WebKit] c33df2: [Private Browsing] Noise injection doesn't apply w...

Charlie Wolfe noreply at github.com
Fri May 24 07:14:51 PDT 2024


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c33df2d323602a9e7693b18d53a40887995fe942
      https://github.com/WebKit/WebKit/commit/c33df2d323602a9e7693b18d53a40887995fe942
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-05-24 (Fri, 24 May 2024)

  Changed paths:
    M Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/Document.h
    M Source/WebCore/dom/EmptyScriptExecutionContext.h
    M Source/WebCore/dom/ScriptExecutionContext.h
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/workers/Worker.cpp
    M Source/WebCore/workers/WorkerGlobalScope.cpp
    M Source/WebCore/workers/WorkerInitializationData.h
    M Source/WebCore/workers/WorkerMessagingProxy.cpp
    M Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp
    M Source/WebCore/workers/WorkerOrWorkletGlobalScope.h
    M Source/WebCore/workers/WorkerScriptLoader.cpp
    M Source/WebCore/workers/WorkerScriptLoader.h
    M Source/WebCore/workers/WorkerThread.cpp
    M Source/WebCore/workers/WorkerThread.h
    M Source/WebCore/workers/service/ServiceWorkerClientData.cpp
    M Source/WebCore/workers/service/ServiceWorkerClientData.h
    M Source/WebCore/workers/service/context/ServiceWorkerThread.cpp
    M Source/WebCore/workers/service/context/ServiceWorkerThread.h
    M Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp
    M Source/WebCore/workers/service/server/SWServer.cpp
    M Source/WebCore/workers/service/server/SWServer.h
    M Source/WebCore/workers/service/server/SWServerToContextConnection.h
    M Source/WebCore/workers/shared/SharedWorkerScriptLoader.cpp
    M Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp
    M Source/WebCore/worklets/WorkletGlobalScope.cpp
    M Source/WebCore/worklets/WorkletParameters.h
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h
    M Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in
    M Source/WebKit/WebProcess/Storage/WebSharedWorkerContextManagerConnection.cpp
    M Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm

  Log Message:
  -----------
  [Private Browsing] Noise injection doesn't apply when using OffscreenCanvas in shared/service workers
https://bugs.webkit.org/show_bug.cgi?id=271159
rdar://124702163

Reviewed by Sihui Liu and Chris Dumez.

In Private Browsing mode in Safari 17, each `ScriptExecutionContext` has a noise injection hash salt
(unique by security origin) and `AdvancedPrivacyProtections` flags, sourced from the document
loader. These are used to generate noise when reading pixels back from `canvas` or `OffscreenCanvas`.
For dedicated workers, plumbing already exists to propagate the hash salt via `WorkerParameters` to
`WorkerGlobalScope`, where they apply to `OffscreenCanvas`. However, for both shared workers and
service workers, this is insufficient, since the `OffscreenCanvas` APIs are called in a separate,
potentially-remote `Page` (which currently has neither a hash salt nor the requisite
`AdvancedPrivacyProtections` flags).

To fix this, we extend `AdvancedPrivacyProtection` flag plumbing to work for these two remaining
types of workers; see below for more details.

Test: AdvancedPrivacyProtections.NoiseInjectionForOffscreenCanvasInSharedWorker

* Source/WebCore/Modules/webaudio/AudioWorkletMessagingProxy.cpp:
(WebCore::generateWorkletParameters):
* Source/WebCore/dom/Document.cpp:
(WebCore::Document::noiseInjectionPolicy const):
(WebCore::Document::advancedPrivacyProtections const):
* Source/WebCore/dom/Document.h:
* Source/WebCore/dom/EmptyScriptExecutionContext.h:
* Source/WebCore/dom/ScriptExecutionContext.h:

Add an override point to return the set of active advanced privacy protection flags. For `Document`,
this goes through the top document's loader. For worklets and workers, this state is passed in via
`WorkerParameters` and `WorkletParameters`.

* Source/WebCore/page/Page.cpp:
(WebCore::Page::setupForRemoteWorker):

Allow shared/service workers to pass in privacy protections when initializing the remote `Page`.

* Source/WebCore/page/Page.h:
* Source/WebCore/workers/Worker.cpp:
(WebCore::Worker::notifyFinished):
* Source/WebCore/workers/WorkerGlobalScope.cpp:
(WebCore::WorkerGlobalScope::WorkerGlobalScope):
* Source/WebCore/workers/WorkerInitializationData.h:
(WebCore::WorkerInitializationData::isolatedCopy const):
* Source/WebCore/workers/WorkerMessagingProxy.cpp:
(WebCore::WorkerMessagingProxy::startWorkerGlobalScope):
* Source/WebCore/workers/WorkerOrWorkletGlobalScope.cpp:
(WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope):
* Source/WebCore/workers/WorkerOrWorkletGlobalScope.h:
(WebCore::WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope):
* Source/WebCore/workers/WorkerScriptLoader.cpp:
(WebCore::WorkerScriptLoader::loadSynchronously):
(WebCore::WorkerScriptLoader::loadAsynchronously):
* Source/WebCore/workers/WorkerScriptLoader.h:
(WebCore::WorkerScriptLoader::advancedPrivacyProtections const):

Add a member as well as a getter to keep track of the active privacy protections for the currently
loading (or loaded) worker. Later consulted in `SharedWorkerScriptLoader` to plumb the protection
options into `WorkerInitializationData`, when spinning up shared workers.

* Source/WebCore/workers/WorkerThread.cpp:
(WebCore::WorkerParameters::isolatedCopy const):
* Source/WebCore/workers/WorkerThread.h:
* Source/WebCore/workers/service/ServiceWorkerClientData.cpp:
(WebCore::ServiceWorkerClientData::isolatedCopy const):
(WebCore::ServiceWorkerClientData::isolatedCopy):
(WebCore::ServiceWorkerClientData::from):
* Source/WebCore/workers/service/ServiceWorkerClientData.h:
* Source/WebCore/workers/service/context/ServiceWorkerThread.cpp:
(WebCore::generateWorkerParameters):
(WebCore::ServiceWorkerThread::ServiceWorkerThread):
* Source/WebCore/workers/service/context/ServiceWorkerThread.h:
* Source/WebCore/workers/service/context/ServiceWorkerThreadProxy.cpp:
(WebCore::ServiceWorkerThreadProxy::ServiceWorkerThreadProxy):
* Source/WebCore/workers/service/server/SWServer.cpp:
(WebCore::forEachClientForOriginImpl):
(WebCore::SWServer::forEachClientForOrigin const):
(WebCore::SWServer::forEachClientForOrigin):
(WebCore::SWServer::advancedPrivacyProtectionsFromClient const):

When installing a new service worker, consult the set of matching clients (by client origin), to
check if any clients of the service worker have active privacy protections; pass along the union of
these active policies when installing the service worker.

(WebCore::SWServer::installContextData):

Pass in `AdvancedPrivacyProtections` when spinning up a new service worker.

(WebCore::SWServer::runServiceWorker):
* Source/WebCore/workers/service/server/SWServer.h:
* Source/WebCore/workers/service/server/SWServerToContextConnection.h:
* Source/WebCore/workers/shared/SharedWorkerScriptLoader.cpp:
(WebCore::SharedWorkerScriptLoader::notifyFinished):
* Source/WebCore/workers/shared/context/SharedWorkerThreadProxy.cpp:
(WebCore::generateWorkerParameters):
* Source/WebCore/worklets/WorkletGlobalScope.cpp:
(WebCore::WorkletGlobalScope::WorkletGlobalScope):
* Source/WebCore/worklets/WorkletParameters.h:
(WebCore::WorkletParameters::isolatedCopy const):
(WebCore::WorkletParameters::isolatedCopy):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::controlClient):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.cpp:
(WebKit::WebSWServerToContextConnection::installServiceWorkerContext):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerToContextConnection.h:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.cpp:
(WebKit::WebSWContextManagerConnection::installServiceWorker):

Call `setupForRemoteWorker` with the privacy protection flags.

* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.h:
* Source/WebKit/WebProcess/Storage/WebSWContextManagerConnection.messages.in:
* Source/WebKit/WebProcess/Storage/WebSharedWorkerContextManagerConnection.cpp:
(WebKit::WebSharedWorkerContextManagerConnection::launchSharedWorker):

Call `setupForRemoteWorker` with the privacy protection flags.

* Tools/TestWebKitAPI/Tests/WebKit/AdvancedPrivacyProtections.mm:
(TestWebKitAPI::sharedWorkerMainBytes):

Add a new API test.

Originally-landed-as: 272448.764@safari-7618-branch (e285de6f4a70). rdar://128550109
Canonical link: https://commits.webkit.org/279267@main


  Commit: 58066bfb9d6324a8e43bd42068e9d756c1986b52
      https://github.com/WebKit/WebKit/commit/58066bfb9d6324a8e43bd42068e9d756c1986b52
  Author: Antoine Quint <graouts at webkit.org>
  Date:   2024-05-24 (Fri, 24 May 2024)

  Changed paths:
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemote.mm
    M Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemoteProperties.serialization.in

  Log Message:
  -----------
  Validate key paths of animations in an animation group sent over IPC
https://bugs.webkit.org/show_bug.cgi?id=271476
rdar://125216664

Reviewed by Simon Fraser.

Assert that the key path of animations created within an animation group is valid
when receiving them from an IPC connection in the same spirit as 259066@main.

Additionally, we add a `Validator` for the `PlatformCAAnimationRemoteProperties::animationType`
member such that it calls `PlatformCAAnimation::isValidKeyPath()` during the decoding
process and triggers a `MESSAGE_CHECK` if the key is not valid. It is important to do this for
`animationType` and not `keyPath` since we need both members to have been decoded first.

* Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemote.mm:
(WebKit::createAnimation):
* Source/WebKit/WebProcess/WebPage/RemoteLayerTree/PlatformCAAnimationRemoteProperties.serialization.in:

Originally-landed-as: 272448.858@safari-7618-branch (ce10225c6802). rdar://128551814
Canonical link: https://commits.webkit.org/279268@main


  Commit: e3408806f2e78e22f157d8b15f0b37215732cd8f
      https://github.com/WebKit/WebKit/commit/e3408806f2e78e22f157d8b15f0b37215732cd8f
  Author: Charlie Wolfe <charliew at apple.com>
  Date:   2024-05-24 (Fri, 24 May 2024)

  Changed paths:
    M LayoutTests/ipc/dirty-region-overflow.html

  Log Message:
  -----------
  Running `ipc/dirty-region-overflow.html` and `ipc/invalid-message-to-web-process.html` in succession causes a crash
https://bugs.webkit.org/show_bug.cgi?id=272126
rdar://125851088

Reviewed by Kimmo Kinnunen.

Receive and set semaphores after creating a rendering backend.

* LayoutTests/ipc/dirty-region-overflow.html:

Originally-landed-as: 272448.863@safari-7618-branch (21771a7de8c8). rdar://128551814
Canonical link: https://commits.webkit.org/279269@main


Compare: https://github.com/WebKit/WebKit/compare/4aea4a2555b9...e3408806f2e7
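
The decode-time check described in the second commit above (validating `keyPath` against `animationType` only once both members have been decoded), as an added C++ example that is not WebKit's code. The types, the wire layout, the key-path rule inside `isValidKeyPath` and the `encode`/`decode` helpers are hypothetical stand-ins constructed for illustration.

```cpp
#include <cstdint>
#include <optional>
#include <string>
#include <string_view>
#include <utility>
#include <vector>

// Hypothetical stand-ins: not WebKit's types, wire layout or key-path rules.
enum class AnimationType : uint8_t { Basic = 0, Group = 1, Keyframe = 2, Spring = 3 };
struct AnimationProperties { std::string keyPath; AnimationType animationType; };

// Constructed rule whose answer depends on both fields: a group carries no key
// path of its own; any other type must name an allow-listed property.
bool isValidKeyPath(std::string_view keyPath, AnimationType type) {
    if (type == AnimationType::Group)
        return keyPath.empty();
    for (std::string_view allowed : { "opacity", "transform", "backgroundColor" }) {
        if (keyPath == allowed)
            return true;
    }
    return false;
}

// Constructed wire layout: [u8 length][keyPath bytes][u8 animationType].
std::optional<AnimationProperties> decode(const std::vector<uint8_t>& buffer) {
    if (buffer.empty())
        return std::nullopt;
    const std::size_t length = buffer[0];
    if (buffer.size() != 1 + length + 1) // truncated input or trailing bytes
        return std::nullopt;
    std::string keyPath(buffer.begin() + 1, buffer.begin() + 1 + length);
    const uint8_t rawType = buffer[1 + length];
    if (rawType > static_cast<uint8_t>(AnimationType::Spring))
        return std::nullopt; // reject out-of-range enum values before casting
    auto type = static_cast<AnimationType>(rawType);
    // The check sits on the member decoded last: only here are both values known.
    if (!isValidKeyPath(keyPath, type))
        return std::nullopt; // fail the whole decode instead of passing bad data on
    return AnimationProperties { std::move(keyPath), type };
}

// Builds a constructed sample message in the layout above.
std::vector<uint8_t> encode(std::string_view keyPath, uint8_t rawType) {
    std::vector<uint8_t> out { static_cast<uint8_t>(keyPath.size()) };
    out.insert(out.end(), keyPath.begin(), keyPath.end());
    out.push_back(rawType);
    return out;
}
```
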
