WebKit Bugzilla
Attachment 370300 Details for
Bug 197898
: Only cache bytecode for API clients in data vaults
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for landing
bug-197898-20190521081321.patch (text/plain), 21.88 KB, created by
Tadeu Zagallo
on 2019-05-20 23:13:23 PDT
(
hide
)
Description:
Patch for landing
Filename:
MIME Type:
Creator:
Tadeu Zagallo
Created:
2019-05-20 23:13:23 PDT
Size:
21.88 KB
patch
obsolete
>Subversion Revision: 245304 >diff --git a/Source/JavaScriptCore/ChangeLog b/Source/JavaScriptCore/ChangeLog >index e732524d691b3eedbc0b97a881cd68b069535e73..3399d55e98cdb38dc5a0012b247ffcb19a648166 100644 >--- a/Source/JavaScriptCore/ChangeLog >+++ b/Source/JavaScriptCore/ChangeLog >@@ -1,3 +1,33 @@ >+2019-05-19 Tadeu Zagallo <tzagallo@apple.com> >+ >+ Only cache bytecode for API clients in data vaults >+ https://bugs.webkit.org/show_bug.cgi?id=197898 >+ <rdar://problem/45945449> >+ >+ Reviewed by Keith Miller. >+ >+ Enforce that API clients only store cached bytecode in data vaults. This prevents >+ another process from compromising the current one by tampering with the bytecode. >+ >+ * API/JSScript.mm: >+ (validateBytecodeCachePath): >+ (+[JSScript scriptOfType:withSource:andSourceURL:andBytecodeCache:inVirtualMachine:error:]): >+ (+[JSScript scriptOfType:memoryMappedFromASCIIFile:withSourceURL:andBytecodeCache:inVirtualMachine:error:]): >+ * API/tests/testapi.mm: >+ (cacheFileInDataVault): >+ (testModuleBytecodeCache): >+ (testProgramBytecodeCache): >+ (testBytecodeCacheWithSyntaxError): >+ (testBytecodeCacheWithSameCacheFileAndDifferentScript): >+ (testCacheFileFailsWhenItsAlreadyCached): >+ (testCanCacheManyFilesWithTheSameVM): >+ (testIsUsingBytecodeCacheAccessor): >+ (testBytecodeCacheValidation): >+ (testObjectiveCAPI): >+ * Configurations/ToolExecutable.xcconfig: >+ * JavaScriptCore.xcodeproj/project.pbxproj: >+ * testapi.entitlements: Added. >+ > 2019-05-14 Ross Kirsling <ross.kirsling@sony.com> > > Unreviewed restoration of non-unified build. >diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog >index 6bc60aa7e4bf74aa275461c4ac185caa4d982601..6e973a5833216dd377185e905606424de33a308d 100644 >--- a/Source/WTF/ChangeLog >+++ b/Source/WTF/ChangeLog >@@ -1,3 +1,15 @@ >+2019-05-19 Tadeu Zagallo <tzagallo@apple.com> >+ >+ Only cache bytecode for API clients in data vaults >+ https://bugs.webkit.org/show_bug.cgi?id=197898 >+ >+ Reviewed by Keith Miller. >+ >+ Add SPI to check if a filesystem path is restricted as a data vault. >+ >+ * WTF.xcodeproj/project.pbxproj: >+ * wtf/spi/darwin/DataVaultSPI.h: Added. >+ > 2019-05-14 Commit Queue <commit-queue@webkit.org> > > Unreviewed, rolling out r245281. >diff --git a/Source/JavaScriptCore/API/JSScript.mm b/Source/JavaScriptCore/API/JSScript.mm >index bdbd682283f36c6514cf2736ffdaa012c85120cf..b3ad037d686a9e4a5cab05a9984e87c45fba7276 100644 >--- a/Source/JavaScriptCore/API/JSScript.mm >+++ b/Source/JavaScriptCore/API/JSScript.mm >@@ -38,8 +38,10 @@ > #import "ParserError.h" > #import "Symbol.h" > #include <sys/stat.h> >+#include <wtf/FileMetadata.h> > #include <wtf/FileSystem.h> > #include <wtf/Scope.h> >+#include <wtf/spi/darwin/DataVaultSPI.h> > > #if JSC_OBJC_API_ENABLED > >@@ -60,9 +62,52 @@ static JSScript *createError(NSString *message, NSError** error) > return nil; > } > >+static bool validateBytecodeCachePath(NSURL* cachePath, NSError** error) >+{ >+ if (!cachePath) >+ return true; >+ >+ URL cachePathURL([cachePath absoluteURL]); >+ if (!cachePathURL.isLocalFile()) { >+ createError([NSString stringWithFormat:@"Cache path `%@` is not a local file", static_cast<NSString *>(cachePathURL)], error); >+ return false; >+ } >+ >+ String systemPath = cachePathURL.fileSystemPath(); >+ >+ if (auto metadata = FileSystem::fileMetadata(systemPath)) { >+ if (metadata->type != FileMetadata::Type::File) { >+ createError([NSString stringWithFormat:@"Cache path `%s` already exists and is not a file", systemPath.utf8().data()], error); >+ return false; >+ } >+ } >+ >+ String directory = FileSystem::directoryName(systemPath); >+ if (directory.isNull()) { >+ createError([NSString stringWithFormat:@"Cache path `%s` does not contain in a valid directory", systemPath.utf8().data()], error); >+ return false; >+ } >+ >+ if (!FileSystem::fileIsDirectory(directory, FileSystem::ShouldFollowSymbolicLinks::No)) { >+ createError([NSString stringWithFormat:@"Cache directory `%s` is not a directory or does not exist", directory.utf8().data()], error); >+ return false; >+ } >+ >+#if USE(APPLE_INTERNAL_SDK) >+ if (rootless_check_datavault_flag(FileSystem::fileSystemRepresentation(directory).data(), nullptr)) { >+ createError([NSString stringWithFormat:@"Cache directory `%s` is not a data vault", directory.utf8().data()], error); >+ return false; >+ } >+#endif >+ >+ return true; >+} >+ > + (instancetype)scriptOfType:(JSScriptType)type withSource:(NSString *)source andSourceURL:(NSURL *)sourceURL andBytecodeCache:(NSURL *)cachePath inVirtualMachine:(JSVirtualMachine *)vm error:(out NSError **)error > { >- UNUSED_PARAM(error); >+ if (!validateBytecodeCachePath(cachePath, error)) >+ return nil; >+ > JSScript *result = [[[JSScript alloc] init] autorelease]; > result->m_virtualMachine = vm; > result->m_type = type; >@@ -75,7 +120,9 @@ + (instancetype)scriptOfType:(JSScriptType)type withSource:(NSString *)source an > > + (instancetype)scriptOfType:(JSScriptType)type memoryMappedFromASCIIFile:(NSURL *)filePath withSourceURL:(NSURL *)sourceURL andBytecodeCache:(NSURL *)cachePath inVirtualMachine:(JSVirtualMachine *)vm error:(out NSError **)error > { >- UNUSED_PARAM(error); >+ if (!validateBytecodeCachePath(cachePath, error)) >+ return nil; >+ > URL filePathURL([filePath absoluteURL]); > if (!filePathURL.isLocalFile()) > return createError([NSString stringWithFormat:@"File path %@ is not a local file", static_cast<NSString *>(filePathURL)], error); >diff --git a/Source/JavaScriptCore/API/tests/testapi.mm b/Source/JavaScriptCore/API/tests/testapi.mm >index 5649677bdb017e254c09676d63b6a1711330c0a1..5253b02f722a862f7c031717a2535ec3c0e6c267 100644 >--- a/Source/JavaScriptCore/API/tests/testapi.mm >+++ b/Source/JavaScriptCore/API/tests/testapi.mm >@@ -40,6 +40,7 @@ > #import "JSWrapperMapTests.h" > #import "Regress141275.h" > #import "Regress141809.h" >+#import <wtf/spi/darwin/DataVaultSPI.h> > > #if __has_include(<libproc.h>) > #define HAS_LIBPROC 1 >@@ -2076,6 +2077,27 @@ static NSURL *tempFile(NSString *string) > return [tempDirectory URLByAppendingPathComponent:string]; > } > >+static NSURL* cacheFileInDataVault(NSString* name) >+{ >+#if USE(APPLE_INTERNAL_SDK) >+ static NSURL* dataVaultURL; >+ static dispatch_once_t once; >+ dispatch_once(&once, ^{ >+ char userDir[PATH_MAX]; >+ RELEASE_ASSERT(confstr(_CS_DARWIN_USER_DIR, userDir, sizeof(userDir))); >+ >+ NSString *userDirPath = [[NSFileManager defaultManager] stringWithFileSystemRepresentation:userDir length:strlen(userDir)]; >+ dataVaultURL = [NSURL fileURLWithPath:userDirPath isDirectory:YES]; >+ dataVaultURL = [dataVaultURL URLByAppendingPathComponent:@"JavaScriptCore" isDirectory:YES]; >+ rootless_mkdir_datavault(dataVaultURL.path.UTF8String, 0700, "JavaScriptCore"); >+ }); >+ >+ return [dataVaultURL URLByAppendingPathComponent:name isDirectory:NO]; >+#else >+ return tempFile(name); >+#endif >+} >+ > static void testModuleBytecodeCache() > { > @autoreleasepool { >@@ -2087,9 +2109,9 @@ static void testModuleBytecodeCache() > NSURL *barPath = tempFile(@"bar.js"); > NSURL *bazPath = tempFile(@"baz.js"); > >- NSURL *fooCachePath = tempFile(@"foo.js.cache"); >- NSURL *barCachePath = tempFile(@"bar.js.cache"); >- NSURL *bazCachePath = tempFile(@"baz.js.cache"); >+ NSURL *fooCachePath = cacheFileInDataVault(@"foo.js.cache"); >+ NSURL *barCachePath = cacheFileInDataVault(@"bar.js.cache"); >+ NSURL *bazCachePath = cacheFileInDataVault(@"baz.js.cache"); > > NSURL *fooFakePath = [NSURL fileURLWithPath:@"/foo.js"]; > NSURL *barFakePath = [NSURL fileURLWithPath:@"/directory/bar.js"]; >@@ -2110,7 +2132,8 @@ static void testModuleBytecodeCache() > script = [JSScript scriptOfType:kJSScriptTypeModule memoryMappedFromASCIIFile:bazPath withSourceURL:bazFakePath andBytecodeCache:bazCachePath inVirtualMachine:context.virtualMachine error:nil]; > > if (script) { >- if (![script cacheBytecodeWithError:nil]) >+ NSError *error = nil; >+ if (![script cacheBytecodeWithError:&error]) > CRASH(); > [resolve callWithArguments:@[script]]; > } else >@@ -2142,7 +2165,7 @@ static void testProgramBytecodeCache() > { > @autoreleasepool { > NSString *fooSource = @"function foo() { return 42; }; function bar() { return 40; }; foo() + bar();"; >- NSURL *fooCachePath = tempFile(@"foo.js.cache"); >+ NSURL *fooCachePath = cacheFileInDataVault(@"foo.js.cache"); > JSContext *context = [[JSContext alloc] init]; > JSScript *script = [JSScript scriptOfType:kJSScriptTypeProgram withSource:fooSource andSourceURL:[NSURL URLWithString:@"my-path"] andBytecodeCache:fooCachePath inVirtualMachine:context.virtualMachine error:nil]; > RELEASE_ASSERT(script); >@@ -2166,7 +2189,7 @@ static void testBytecodeCacheWithSyntaxError(JSScriptType type) > { > @autoreleasepool { > NSString *fooSource = @"this is a syntax error"; >- NSURL *fooCachePath = tempFile(@"foo.js.cache"); >+ NSURL *fooCachePath = cacheFileInDataVault(@"foo.js.cache"); > JSContext *context = [[JSContext alloc] init]; > JSScript *script = [JSScript scriptOfType:type withSource:fooSource andSourceURL:[NSURL URLWithString:@"my-path"] andBytecodeCache:fooCachePath inVirtualMachine:context.virtualMachine error:nil]; > RELEASE_ASSERT(script); >@@ -2180,7 +2203,8 @@ static void testBytecodeCacheWithSyntaxError(JSScriptType type) > > static void testBytecodeCacheWithSameCacheFileAndDifferentScript(bool forceDiskCache) > { >- NSURL *cachePath = tempFile(@"cachePath.cache"); >+ >+ NSURL *cachePath = cacheFileInDataVault(@"cachePath.cache"); > NSURL *sourceURL = [NSURL URLWithString:@"my-path"]; > > @autoreleasepool { >@@ -2220,6 +2244,7 @@ static void testBytecodeCacheWithSameCacheFileAndDifferentScript(bool forceDiskC > NSFileManager* fileManager = [NSFileManager defaultManager]; > BOOL removedAll = [fileManager removeItemAtURL:cachePath error:nil]; > checkResult(@"Removed all temp files created", removedAll); >+ > } > > static void testProgramJSScriptException() >@@ -2245,7 +2270,7 @@ static void testProgramJSScriptException() > > static void testCacheFileFailsWhenItsAlreadyCached() > { >- NSURL* cachePath = tempFile(@"foo.program.cache"); >+ NSURL* cachePath = cacheFileInDataVault(@"foo.program.cache"); > NSURL* sourceURL = [NSURL URLWithString:@"my-path"]; > NSString *source = @"function foo() { return 42; } foo();"; > >@@ -2285,7 +2310,7 @@ static void testCanCacheManyFilesWithTheSameVM() > NSMutableArray *scripts = [[NSMutableArray alloc] init]; > > for (unsigned i = 0; i < 10000; ++i) >- [cachePaths addObject:tempFile([NSString stringWithFormat:@"cache-%d.cache", i])]; >+ [cachePaths addObject:cacheFileInDataVault([NSString stringWithFormat:@"cache-%d.cache", i])]; > > JSVirtualMachine *vm = [[JSVirtualMachine alloc] init]; > bool cachedAll = true; >@@ -2323,7 +2348,7 @@ static void testCanCacheManyFilesWithTheSameVM() > > static void testIsUsingBytecodeCacheAccessor() > { >- NSURL* cachePath = tempFile(@"foo.program.cache"); >+ NSURL* cachePath = cacheFileInDataVault(@"foo.program.cache"); > NSURL* sourceURL = [NSURL URLWithString:@"my-path"]; > NSString *source = @"function foo() { return 1337; } foo();"; > >@@ -2356,6 +2381,44 @@ static void testIsUsingBytecodeCacheAccessor() > checkResult(@"Successfully removed cache file", removedAll); > } > >+static void testBytecodeCacheValidation() >+{ >+ @autoreleasepool { >+ JSContext *context = [[JSContext alloc] init]; >+ >+ auto testInvalidCacheURL = [&](NSURL* cacheURL, NSString* expectedErrorMessage) >+ { >+ NSError* error; >+ JSScript *script = [JSScript scriptOfType:kJSScriptTypeProgram withSource:@"" andSourceURL:[NSURL URLWithString:@"my-path"] andBytecodeCache:cacheURL inVirtualMachine:context.virtualMachine error:&error]; >+ RELEASE_ASSERT(!script); >+ RELEASE_ASSERT(error); >+ NSString* testDesciption = [NSString stringWithFormat:@"Cache path validation for `%@` fails with message `%@`", cacheURL.absoluteString, expectedErrorMessage]; >+ checkResult(testDesciption, [error.description containsString:expectedErrorMessage]); >+ }; >+ >+ testInvalidCacheURL([NSURL URLWithString:@""], @"Cache path `` is not a local file"); >+ testInvalidCacheURL([NSURL URLWithString:@"file:///"], @"Cache path `/` already exists and is not a file"); >+ testInvalidCacheURL([NSURL URLWithString:@"file:///a/b/c/d/e"], @"Cache directory `/a/b/c/d` is not a directory or does not exist"); >+ testInvalidCacheURL([NSURL URLWithString:@"file:///private/tmp/file.cache"], @"Cache directory `/private/tmp` is not a data vault"); >+ } >+ >+#if USE(APPLE_INTERNAL_SDK) >+ @autoreleasepool { >+ JSContext *context = [[JSContext alloc] init]; >+ >+ auto testValidCacheURL = [&](NSURL* cacheURL) >+ { >+ NSError* error; >+ JSScript *script = [JSScript scriptOfType:kJSScriptTypeProgram withSource:@"" andSourceURL:[NSURL URLWithString:@"my-path"] andBytecodeCache:cacheURL inVirtualMachine:context.virtualMachine error:&error]; >+ NSString* testDesciption = [NSString stringWithFormat:@"Cache path validation for `%@` passed", cacheURL.absoluteString]; >+ checkResult(testDesciption, script && !error); >+ }; >+ >+ testValidCacheURL(cacheFileInDataVault(@"file.cache")); >+ } >+#endif >+} >+ > @interface JSContextFileLoaderDelegate : JSContext <JSModuleLoaderDelegate> > > + (instancetype)newContext; >@@ -2628,6 +2691,7 @@ void testObjectiveCAPI(const char* filter) > RUN(testCacheFileFailsWhenItsAlreadyCached()); > RUN(testCanCacheManyFilesWithTheSameVM()); > RUN(testIsUsingBytecodeCacheAccessor()); >+ RUN(testBytecodeCacheValidation()); > > RUN(testLoaderRejectsNilScriptURL()); > RUN(testLoaderRejectsFailedFetch()); >diff --git a/Source/JavaScriptCore/Configurations/ToolExecutable.xcconfig b/Source/JavaScriptCore/Configurations/ToolExecutable.xcconfig >index 582107c20fc70bce78638fa6efecb2ac939126df..f228646296c7b6292f68caf4092d49c5a3ab9fd1 100644 >--- a/Source/JavaScriptCore/Configurations/ToolExecutable.xcconfig >+++ b/Source/JavaScriptCore/Configurations/ToolExecutable.xcconfig >@@ -21,11 +21,27 @@ > // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE > // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. > >+#include? "../../../../Internal/Configurations/HaveInternalSDK.xcconfig" > #include "FeatureDefines.xcconfig" > #include "Version.xcconfig" > > INSTALL_PATH = $(JAVASCRIPTCORE_FRAMEWORKS_DIR)/$(JAVASCRIPTCORE_RESOURCES_DIR); > PRODUCT_NAME = $(TARGET_NAME); >+ >+USE_INTERNAL_SDK = $(USE_INTERNAL_SDK_$(CONFIGURATION)); >+USE_INTERNAL_SDK_Production = YES; >+USE_INTERNAL_SDK_Debug = $(HAVE_INTERNAL_SDK); >+USE_INTERNAL_SDK_Release = $(HAVE_INTERNAL_SDK); >+ >+CODE_SIGN_IDENTITY[sdk=macosx*] = $(CODE_SIGN_IDENTITY_$(USE_INTERNAL_SDK)) >+ >+CODE_SIGN_IDENTITY_ = $(CODE_SIGN_IDENTITY_NO); >+CODE_SIGN_IDENTITY_NO = -; >+CODE_SIGN_IDENTITY_YES = $(WK_ENGINEERING_CODE_SIGN_IDENTITY); >+ >+CODE_SIGN_ENTITLEMENTS[sdk=macosx*] = $(CODE_SIGN_ENTITLEMENTS_macosx_$(TARGET_NAME)); >+CODE_SIGN_ENTITLEMENTS_macosx_testapi = testapi.entitlements; >+ > CODE_SIGN_ENTITLEMENTS[sdk=iphone*] = $(CODE_SIGN_ENTITLEMENTS_ios_$(TARGET_NAME)); > CODE_SIGN_ENTITLEMENTS_ios_minidom = entitlements.plist; > CODE_SIGN_ENTITLEMENTS_ios_testair = entitlements.plist; >diff --git a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj >index 7e21e0b07c532cc7a81b7510041ab2224c9d2e71..8e4133a015beec1dc7ac356dde2f2cb386814b86 100644 >--- a/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj >+++ b/Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj >@@ -3212,6 +3212,7 @@ > 1442565F15EDE98D0066A49B /* JSWithScope.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = JSWithScope.cpp; sourceTree = "<group>"; }; > 1442566015EDE98D0066A49B /* JSWithScope.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = JSWithScope.h; sourceTree = "<group>"; }; > 144CA34F221F037900817789 /* CachedBytecode.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CachedBytecode.h; sourceTree = "<group>"; }; >+ 145348572291737F00B1C2EB /* testapi.entitlements */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.entitlements; path = testapi.entitlements; sourceTree = "<group>"; }; > 145722851437E140005FDE26 /* StrongInlines.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = StrongInlines.h; sourceTree = "<group>"; }; > 145C507F0D9DF63B0088F6B9 /* CallData.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CallData.h; sourceTree = "<group>"; }; > 146AAB2A0B66A84900E55F16 /* JSStringRefCF.h */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = sourcecode.c.h; path = JSStringRefCF.h; sourceTree = "<group>"; }; >@@ -5177,6 +5178,7 @@ > A7C225CC139981F100FF1662 /* KeywordLookupGenerator.py */, > 79D7B0E221152FD300FE7C64 /* allow-jit-macOS.entitlements */, > 79D7B0E121152FD200FE7C64 /* entitlements.plist */, >+ 145348572291737F00B1C2EB /* testapi.entitlements */, > 1432EBD70A34CAD400717B9F /* API */, > 9688CB120ED12B4E001D649F /* assembler */, > 0FEC84B21BDACD5E0080FF74 /* b3 */, >diff --git a/Source/JavaScriptCore/testapi.entitlements b/Source/JavaScriptCore/testapi.entitlements >new file mode 100644 >index 0000000000000000000000000000000000000000..59b0a2bf3aa05e2a0e38ce63601e9d10ef8e9d6d >--- /dev/null >+++ b/Source/JavaScriptCore/testapi.entitlements >@@ -0,0 +1,10 @@ >+<?xml version="1.0" encoding="UTF-8"?> >+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> >+<plist version="1.0"> >+<dict> >+ <key>com.apple.security.cs.allow-jit</key> >+ <true/> >+ <key>com.apple.rootless.storage.JavaScriptCore</key> >+ <true/> >+</dict> >+</plist> >diff --git a/Source/WTF/WTF.xcodeproj/project.pbxproj b/Source/WTF/WTF.xcodeproj/project.pbxproj >index 30204fcd8882fa155c61745a3f33d892689b787b..8824535a3622581a8d87144b6b10700d47117203 100644 >--- a/Source/WTF/WTF.xcodeproj/project.pbxproj >+++ b/Source/WTF/WTF.xcodeproj/project.pbxproj >@@ -288,6 +288,7 @@ > 1469419416EAAFF80024E146 /* SchedulePair.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SchedulePair.h; sourceTree = "<group>"; }; > 1469419A16EAB10A0024E146 /* AutodrainedPool.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = AutodrainedPool.h; sourceTree = "<group>"; }; > 1469419B16EAB10A0024E146 /* AutodrainedPool.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = AutodrainedPool.cpp; sourceTree = "<group>"; }; >+ 14933E21228C22DF00F79E46 /* DataVaultSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DataVaultSPI.h; sourceTree = "<group>"; }; > 149EF16216BBFE0D000A4331 /* TriState.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TriState.h; sourceTree = "<group>"; }; > 14E785E71DFB330100209BD1 /* OrdinalNumber.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = OrdinalNumber.h; sourceTree = "<group>"; }; > 14F3B0F615E45E4600210069 /* SaturatedArithmetic.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SaturatedArithmetic.h; sourceTree = "<group>"; }; >@@ -1363,6 +1364,7 @@ > CE73E02319DCB7AB00580D5C /* darwin */ = { > isa = PBXGroup; > children = ( >+ 14933E21228C22DF00F79E46 /* DataVaultSPI.h */, > E431CC4A21187ADB000C8A07 /* DispatchSPI.h */, > 93DDE9311CDC052D00FD3491 /* dyldSPI.h */, > A5098AFF1C169E0700087797 /* SandboxSPI.h */, >diff --git a/Source/WTF/wtf/spi/darwin/DataVaultSPI.h b/Source/WTF/wtf/spi/darwin/DataVaultSPI.h >new file mode 100644 >index 0000000000000000000000000000000000000000..944bef926c90c12f4f7d16cd9469f64f29ca9576 >--- /dev/null >+++ b/Source/WTF/wtf/spi/darwin/DataVaultSPI.h >@@ -0,0 +1,40 @@ >+/* >+ * Copyright (C) 2019 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. ``AS IS'' AND ANY >+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE >+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR >+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, >+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, >+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR >+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY >+ * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT >+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE >+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#pragma once >+ >+#if OS(DARWIN) >+ >+#if USE(APPLE_INTERNAL_SDK) >+#import <rootless.h> >+#endif >+ >+WTF_EXTERN_C_BEGIN >+ >+int rootless_check_datavault_flag(const char *path, const char *storage_class); >+ >+WTF_EXTERN_C_END >+ >+#endif // OS(DARWIN)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=370300">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 197898
:
369910
|
369958
|
370158
|
370220
| 370300 |
370333