WebKit Bugzilla
Attachment 371075 Details for
Bug 198318
: Optionally respect device management restrictions when loading from the network
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-198318-20190531121701.patch (text/plain), 88.37 KB, created by
Tim Horton
on 2019-05-31 12:17:02 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Tim Horton
Created:
2019-05-31 12:17:02 PDT
Size:
88.37 KB
patch
obsolete
>Subversion Revision: 245863 >diff --git a/Source/WTF/ChangeLog b/Source/WTF/ChangeLog >index 810e18d4d920aebf1eecac59ffce9b046af9123d..8c9e66e97dc959f6b9363b4728e023bbcde033a8 100644 >--- a/Source/WTF/ChangeLog >+++ b/Source/WTF/ChangeLog >@@ -1,3 +1,15 @@ >+2019-05-30 Tim Horton <timothy_horton@apple.com> >+ >+ Optionally respect device management restrictions when loading from the network >+ https://bugs.webkit.org/show_bug.cgi?id=198318 >+ <rdar://problem/44263806> >+ >+ Reviewed by Alex Christensen. >+ >+ * wtf/Platform.h: >+ Add a HAVE flag for DeviceManagement.framework. >+ It does exist in the simulator, but does not function; pretend it doesn't exist. >+ > 2019-05-29 Ryan Haddad <ryanhaddad@apple.com> > > Unreviewed, rolling out r245857. >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index b9caceeec616f0f7836228566437c414f6c6a518..1f26c3b9237cf0e699dfa38bed12ae5954cfacea 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,13 @@ >+2019-05-30 Tim Horton <timothy_horton@apple.com> >+ >+ Optionally respect device management restrictions when loading from the network >+ https://bugs.webkit.org/show_bug.cgi?id=198318 >+ <rdar://problem/44263806> >+ >+ Reviewed by Alex Christensen. >+ >+ * en.lproj/Localizable.strings: >+ > 2019-05-29 Ryan Haddad <ryanhaddad@apple.com> > > Unreviewed, rolling out r245857. >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index a5d19974be7797e3f76a4783617ccde4ce9696ac..dba0af857d69f435e913d1e4eb4cc78c253c90b3 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,115 @@ >+2019-05-30 Tim Horton <timothy_horton@apple.com> >+ >+ Optionally respect device management restrictions when loading from the network >+ https://bugs.webkit.org/show_bug.cgi?id=198318 >+ <rdar://problem/44263806> >+ >+ Reviewed by Alex Christensen. >+ >+ * Configurations/Network-iOS.entitlements: >+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: >+ Add some entitlements and sandbox holes required to talk to DeviceManagement. >+ >+ * NetworkProcess/NetworkCORSPreflightChecker.cpp: >+ (WebKit::NetworkCORSPreflightChecker::wasBlockedByRestrictions): >+ * NetworkProcess/NetworkCORSPreflightChecker.h: >+ * NetworkProcess/NetworkLoad.cpp: >+ (WebKit::NetworkLoad::wasBlockedByRestrictions): >+ * NetworkProcess/NetworkLoad.h: >+ * NetworkProcess/PingLoad.cpp: >+ (WebKit::PingLoad::wasBlockedByRestrictions): >+ * NetworkProcess/PingLoad.h: >+ * Shared/WebErrors.cpp: >+ (WebKit::wasBlockedByRestrictionsError): >+ * Shared/WebErrors.h: >+ * NetworkProcess/NetworkDataTask.cpp: >+ (WebKit::NetworkDataTask::create): >+ (WebKit::NetworkDataTask::failureTimerFired): >+ * NetworkProcess/NetworkDataTask.h: >+ * Shared/API/APIError.h: >+ * Shared/API/c/WKErrorRef.cpp: >+ (WKErrorGetErrorCode): >+ * Shared/API/c/WKErrorRef.h: >+ Plumb a new error for loads that are blocked by device management restrictions. >+ >+ * NetworkProcess/NetworkLoadParameters.h: >+ * NetworkProcess/NetworkResourceLoadParameters.cpp: >+ (WebKit::NetworkResourceLoadParameters::encode const): >+ (WebKit::NetworkResourceLoadParameters::decode): >+ * WebProcess/Network/WebLoaderStrategy.cpp: >+ (WebKit::WebLoaderStrategy::scheduleLoadFromNetworkProcess): >+ Plumb a new bit that indicates whether a load is for the main resource of a frame. >+ We will only apply device management restrictions to main resources. >+ >+ * NetworkProcess/NetworkSessionCreationParameters.cpp: >+ (WebKit::NetworkSessionCreationParameters::privateSessionParameters): >+ (WebKit::NetworkSessionCreationParameters::encode const): >+ (WebKit::NetworkSessionCreationParameters::decode): >+ * NetworkProcess/NetworkSessionCreationParameters.h: >+ * UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm: >+ (WebKit::WebsiteDataStore::parameters): >+ Plumb a new bit indicating whether a network session should respect device mangement >+ restrictions. >+ >+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.h: >+ * NetworkProcess/cocoa/NetworkDataTaskCocoa.mm: >+ (WebKit::NetworkDataTaskCocoa::NetworkDataTaskCocoa): >+ (WebKit::NetworkDataTaskCocoa::resume): >+ Defer resuming the load until we have a reply from DeviceManagement framework >+ about whether the URL should be blocked. If it is blocked, instead fail the load. >+ >+ * NetworkProcess/cocoa/NetworkSessionCocoa.h: >+ * NetworkProcess/cocoa/NetworkSessionCocoa.mm: >+ (-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]): >+ (WebKit::NetworkSessionCocoa::NetworkSessionCocoa): >+ (WebKit::NetworkSessionCocoa::deviceManagementPolicyMonitor): >+ Cache a single DMFWebsitePolicyMonitor instance per NetworkSession. >+ >+ * UIProcess/API/APIWebsiteDataStore.cpp: >+ (API::WebsiteDataStore::defaultDataStoreConfiguration): >+ The default data store is persistent; its configuration should reflect that. >+ >+ * UIProcess/API/Cocoa/WKProcessPool.mm: >+ (-[WKProcessPool _setAllowsAnySSLCertificateForServiceWorker:]): Style. >+ >+ * UIProcess/API/Cocoa/WKWebsiteDataStore.mm: >+ (-[WKWebsiteDataStore _initWithConfiguration:]): >+ Make it possible to create a non-persistent WKWebsiteDataStore from a >+ configuration, and ensure that it does not have any persistent storage directories set. >+ >+ * UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h: >+ * UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm: >+ (-[_WKWebsiteDataStoreConfiguration init]): >+ (-[_WKWebsiteDataStoreConfiguration initWithNonPersistentConfiguration]): >+ (-[_WKWebsiteDataStoreConfiguration isPersistent]): >+ (-[_WKWebsiteDataStoreConfiguration _setWebStorageDirectory:]): >+ (-[_WKWebsiteDataStoreConfiguration _setIndexedDBDatabaseDirectory:]): >+ (-[_WKWebsiteDataStoreConfiguration _setWebSQLDatabaseDirectory:]): >+ (-[_WKWebsiteDataStoreConfiguration _setCookieStorageFile:]): >+ (-[_WKWebsiteDataStoreConfiguration _setResourceLoadStatisticsDirectory:]): >+ (-[_WKWebsiteDataStoreConfiguration _setCacheStorageDirectory:]): >+ (-[_WKWebsiteDataStoreConfiguration _setServiceWorkerRegistrationDirectory:]): >+ (-[_WKWebsiteDataStoreConfiguration deviceManagementRestrictionsEnabled]): >+ (-[_WKWebsiteDataStoreConfiguration setDeviceManagementRestrictionsEnabled:]): >+ * UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp: >+ (WebKit::WebsiteDataStoreConfiguration::copy): >+ * UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h: >+ (WebKit::WebsiteDataStoreConfiguration::isPersistent const): >+ (WebKit::WebsiteDataStoreConfiguration::setPersistent): >+ (WebKit::WebsiteDataStoreConfiguration::perOriginStorageQuota const): >+ (WebKit::WebsiteDataStoreConfiguration::deviceManagementRestrictionsEnabled const): >+ (WebKit::WebsiteDataStoreConfiguration::setDeviceManagementRestrictionsEnabled): >+ (WebKit::WebsiteDataStoreConfiguration::perOriginStorageQuota): Deleted. >+ Make it possible to create a _WKWebsiteDataStoreConfiguration that will create a non-persistent >+ data store. Add a bit to _WKWebsiteDataStoreConfiguration that controls whether the network >+ session will respect device management restrictions. >+ >+ * WebKit.xcodeproj/project.pbxproj: >+ * WebKit/NetworkProcess/cocoa/DeviceManagementSoftLink.h: >+ * WebKit/NetworkProcess/cocoa/DeviceManagementSoftLink.mm: >+ * WebKit/Platform/spi/Cocoa/DeviceManagementSPI.h: >+ Add some soft-linking and SPI headers. >+ > 2019-05-29 Ryan Haddad <ryanhaddad@apple.com> > > Unreviewed, rolling out r245857. >diff --git a/Source/WTF/wtf/Platform.h b/Source/WTF/wtf/Platform.h >index 447bb18a8f028c29501d3931fb9557a8d53a2607..332eb3e7a8c223d7c091b6eabfaa1d8a8bc24c8d 100644 >--- a/Source/WTF/wtf/Platform.h >+++ b/Source/WTF/wtf/Platform.h >@@ -1547,6 +1547,10 @@ > #define HAVE_ROUTE_SHARING_POLICY_LONG_FORM_VIDEO 1 > #endif > >+#if (PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 120000 && !PLATFORM(IOS_SIMULATOR)) >+#define HAVE_DEVICE_MANAGEMENT 1 >+#endif >+ > #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MAX_ALLOWED < 101500 > #define USE_REALPATH_FOR_DLOPEN_PREFLIGHT 1 > #endif >diff --git a/Source/WebCore/en.lproj/Localizable.strings b/Source/WebCore/en.lproj/Localizable.strings >index f3597a38fca34c81cde6758e1364368f5757af91..a381069736231ec7e8d7ceb7eaec4f2630c0fc32 100644 >--- a/Source/WebCore/en.lproj/Localizable.strings >+++ b/Source/WebCore/en.lproj/Localizable.strings >@@ -802,6 +802,9 @@ > /* WebKitErrorFrameLoadBlockedByContentFilter description */ > "The URL was blocked by a content filter" = "The URL was blocked by a content filter"; > >+/* WebKitErrorFrameLoadBlockedByRestrictions description */ >+"The URL was blocked by device restrictions" = "The URL was blocked by device restrictions"; >+ > /* WKErrorWebViewInvalidated description */ > "The WKWebView was invalidated" = "The WKWebView was invalidated"; > >diff --git a/Source/WebKit/Configurations/Network-iOS.entitlements b/Source/WebKit/Configurations/Network-iOS.entitlements >index 2ee696638f672e6237da0b7478afe9936b48863a..53dfd56354099ef03091d1d5c594b3f173b28591 100644 >GIT binary patch >delta 244 >zcmX@a@|{U4sURn_xWvHVIwKP^3o9Et2L~4i5X1{;PgZ8swul#yOU}>LODrhJN!2ST >z$}CGPN!80u&CM^WEG|hbDJ_l{5G+njEJ;euDbXz`%1_J8Nd=0@O#CRr950|bc?P4V >z5|E2&MoMmqUO|3NW^!e`fY!u~T4|h|3%TP3q!B8^Q<J<iOZ5CwOUm<$vNQA2Ie~zI >xgF&3Zl_8CxieV<hQHCdsf{a3p!i=Jf#*8M6ri^9`V8Fx(p&10AG?ZdA2LQr*K2rby > >literal 578 >zcma)(-%G<V5XYalzar+niN1++9lA{zj#;oGK4#51L(?WC*VX>_UbljZ!hAixKR$Pt >z&Od6)4iKVo&5U1(OU|Gvoi@#W#-EG(<eJa3X?n4ITokYQig{}yvi$jOvtBTsNO|kM >z1u2)slI5HAQ^6=h%GH)L{*LHxr0lv*s6i!4R}aD{^WZ!L>^BsakU?nFoN7+#KX7QO >zO^Mlbl2*`X6fuU?twn<>R)i{I9}#M5Q87|5EfZ5Y=*fnm1^L_WRbNAcLRp)rvV?fv >z5zIj$2vWPY!6<fZqb(R6y>oAbakg>{sG)X&h!wW~E^Poi7b+25Spg;*EbIy9@5%@Y >ycVIE`fxs+$wWtu(aFt0KF%a^%gTBD-!JyclijM1y8akpJjj23+BbCQrWz$aq0m3u@ > >diff --git a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp >index 2b0a1c379ecd8662b0081f4db2ee517905a955c4..94f1277282b95321f6665cd4fb66b792dc8349bf 100644 >--- a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.cpp >@@ -163,6 +163,12 @@ void NetworkCORSPreflightChecker::cannotShowURL() > m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), "Preflight response was blocked"_s, ResourceError::Type::AccessControl }); > } > >+void NetworkCORSPreflightChecker::wasBlockedByRestrictions() >+{ >+ RELEASE_LOG_IF_ALLOWED("wasBlockedByRestrictions"); >+ m_completionCallback(ResourceError { errorDomainWebKitInternal, 0, m_parameters.originalRequest.url(), "Preflight response was blocked"_s, ResourceError::Type::AccessControl }); >+} >+ > NetworkTransactionInformation NetworkCORSPreflightChecker::takeInformation() > { > ASSERT(m_shouldCaptureExtraNetworkLoadMetrics); >diff --git a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h >index 4d3d169f6af9f43b761081cfbfe60afc5a393fd4..87248f0e0e128493a556e5cfb1c35bd534d91ee3 100644 >--- a/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h >+++ b/Source/WebKit/NetworkProcess/NetworkCORSPreflightChecker.h >@@ -72,6 +72,7 @@ private: > void didSendData(uint64_t totalBytesSent, uint64_t totalBytesExpectedToSend) final; > void wasBlocked() final; > void cannotShowURL() final; >+ void wasBlockedByRestrictions() final; > > Parameters m_parameters; > Ref<NetworkProcess> m_networkProcess; >diff --git a/Source/WebKit/NetworkProcess/NetworkDataTask.cpp b/Source/WebKit/NetworkProcess/NetworkDataTask.cpp >index f1f01115d231aabd7de0ed00c0784f188f09cc54..bcbae9d31fbf8e760e4d6ff66001286d0254aa3d 100644 >--- a/Source/WebKit/NetworkProcess/NetworkDataTask.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkDataTask.cpp >@@ -50,7 +50,7 @@ Ref<NetworkDataTask> NetworkDataTask::create(NetworkSession& session, NetworkDat > { > ASSERT(!parameters.request.url().protocolIsBlob()); > #if PLATFORM(COCOA) >- return NetworkDataTaskCocoa::create(session, client, parameters.request, parameters.webFrameID, parameters.webPageID, parameters.storedCredentialsPolicy, parameters.contentSniffingPolicy, parameters.contentEncodingSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect, parameters.shouldPreconnectOnly, parameters.isMainFrameNavigation, parameters.networkActivityTracker); >+ return NetworkDataTaskCocoa::create(session, client, parameters.request, parameters.webFrameID, parameters.webPageID, parameters.storedCredentialsPolicy, parameters.contentSniffingPolicy, parameters.contentEncodingSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect, parameters.shouldPreconnectOnly, parameters.isMainFrameNavigation, parameters.isMainResourceNavigationForAnyFrame, parameters.networkActivityTracker); > #endif > #if USE(SOUP) > return NetworkDataTaskSoup::create(session, client, parameters.request, parameters.storedCredentialsPolicy, parameters.contentSniffingPolicy, parameters.contentEncodingSniffingPolicy, parameters.shouldClearReferrerOnHTTPSToHTTPRedirect, parameters.isMainFrameNavigation); >@@ -133,6 +133,11 @@ void NetworkDataTask::failureTimerFired() > if (m_client) > m_client->cannotShowURL(); > return; >+ case RestrictedURLFailure: >+ m_scheduledFailureType = NoFailure; >+ if (m_client) >+ m_client->wasBlockedByRestrictions(); >+ return; > case NoFailure: > ASSERT_NOT_REACHED(); > break; >diff --git a/Source/WebKit/NetworkProcess/NetworkDataTask.h b/Source/WebKit/NetworkProcess/NetworkDataTask.h >index ce7b2ad506365a4328ba573af16170960babfbca..9f5fe1f4b38396490ccb4f4315c42e12beb67d07 100644 >--- a/Source/WebKit/NetworkProcess/NetworkDataTask.h >+++ b/Source/WebKit/NetworkProcess/NetworkDataTask.h >@@ -65,6 +65,7 @@ public: > virtual void didSendData(uint64_t totalBytesSent, uint64_t totalBytesExpectedToSend) = 0; > virtual void wasBlocked() = 0; > virtual void cannotShowURL() = 0; >+ virtual void wasBlockedByRestrictions() = 0; > > virtual bool shouldCaptureExtraNetworkLoadMetrics() const { return false; } > >@@ -134,7 +135,8 @@ protected: > enum FailureType { > NoFailure, > BlockedFailure, >- InvalidURLFailure >+ InvalidURLFailure, >+ RestrictedURLFailure > }; > void failureTimerFired(); > void scheduleFailure(FailureType); >diff --git a/Source/WebKit/NetworkProcess/NetworkLoad.cpp b/Source/WebKit/NetworkProcess/NetworkLoad.cpp >index 735f369a1ca06c27c61a830e68177298239dc6bc..9107fec1e34db44881622868622c8fbeb5b3883c 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoad.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkLoad.cpp >@@ -276,6 +276,10 @@ void NetworkLoad::cannotShowURL() > m_client.get().didFailLoading(cannotShowURLError(m_currentRequest)); > } > >+void NetworkLoad::wasBlockedByRestrictions() >+{ >+ m_client.get().didFailLoading(wasBlockedByRestrictionsError(m_currentRequest)); >+} > > String NetworkLoad::description() const > { >diff --git a/Source/WebKit/NetworkProcess/NetworkLoad.h b/Source/WebKit/NetworkProcess/NetworkLoad.h >index a5ebab60f72eea3f7191a5586e3a620c24f106cc..d415d04a29bf23f7b5ccf33b8480405983674b6c 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoad.h >+++ b/Source/WebKit/NetworkProcess/NetworkLoad.h >@@ -80,6 +80,7 @@ private: > void didSendData(uint64_t totalBytesSent, uint64_t totalBytesExpectedToSend) final; > void wasBlocked() final; > void cannotShowURL() final; >+ void wasBlockedByRestrictions() final; > > void notifyDidReceiveResponse(WebCore::ResourceResponse&&, ResponseCompletionHandler&&); > void throttleDelayCompleted(); >diff --git a/Source/WebKit/NetworkProcess/NetworkLoadParameters.h b/Source/WebKit/NetworkProcess/NetworkLoadParameters.h >index 89730cf9fd2699bcfd32ddc38ef8ce03746a3034..cfb2c75c0cd792a00a505c80b698c160a8021354 100644 >--- a/Source/WebKit/NetworkProcess/NetworkLoadParameters.h >+++ b/Source/WebKit/NetworkProcess/NetworkLoadParameters.h >@@ -51,6 +51,7 @@ public: > bool shouldClearReferrerOnHTTPSToHTTPRedirect { true }; > bool needsCertificateInfo { false }; > bool isMainFrameNavigation { false }; >+ bool isMainResourceNavigationForAnyFrame { false }; > Vector<RefPtr<WebCore::BlobDataFileReference>> blobFileReferences; > PreconnectOnly shouldPreconnectOnly { PreconnectOnly::No }; > Optional<NetworkActivityTracker> networkActivityTracker; >diff --git a/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp b/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp >index 33cdc4d17dbe2e0866e3612ef22761a38238059b..0e44594b89e666489aff128f8c51c0c6c1ace249 100644 >--- a/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkResourceLoadParameters.cpp >@@ -78,6 +78,7 @@ void NetworkResourceLoadParameters::encode(IPC::Encoder& encoder) const > encoder << shouldClearReferrerOnHTTPSToHTTPRedirect; > encoder << needsCertificateInfo; > encoder << isMainFrameNavigation; >+ encoder << isMainResourceNavigationForAnyFrame; > encoder << maximumBufferingTime; > > encoder << static_cast<bool>(sourceOrigin); >@@ -169,6 +170,8 @@ bool NetworkResourceLoadParameters::decode(IPC::Decoder& decoder, NetworkResourc > return false; > if (!decoder.decode(result.isMainFrameNavigation)) > return false; >+ if (!decoder.decode(result.isMainResourceNavigationForAnyFrame)) >+ return false; > if (!decoder.decode(result.maximumBufferingTime)) > return false; > >diff --git a/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp b/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp >index 26bf19d9accb993b0af5319b11b275c1e23e4872..90deda42109597b3901d2620cd52fa02fe34f08d 100644 >--- a/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp >+++ b/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.cpp >@@ -50,7 +50,7 @@ NetworkSessionCreationParameters NetworkSessionCreationParameters::privateSessio > #if USE(CURL) > , { }, { } > #endif >- , { }, { }, false, { }, { }, { }, { }, { } >+ , { }, { }, false, { }, { }, { }, { }, { }, { }, { } > }; > } > >@@ -84,7 +84,10 @@ void NetworkSessionCreationParameters::encode(IPC::Encoder& encoder) const > encoder << enableResourceLoadStatisticsDebugMode; > encoder << resourceLoadStatisticsManualPrevalentResource; > >- encoder << localStorageDirectory << localStorageDirectoryExtensionHandle; >+ encoder << localStorageDirectory << localStorageDirectoryExtensionHandle; >+ >+ encoder << deviceManagementRestrictionsEnabled; >+ encoder << allLoadsBlockedByDeviceManagementRestrictionsForTesting; > } > > Optional<NetworkSessionCreationParameters> NetworkSessionCreationParameters::decode(IPC::Decoder& decoder) >@@ -208,6 +211,16 @@ Optional<NetworkSessionCreationParameters> NetworkSessionCreationParameters::dec > if (!localStorageDirectoryExtensionHandle) > return WTF::nullopt; > >+ Optional<bool> deviceManagementRestrictionsEnabled; >+ decoder >> deviceManagementRestrictionsEnabled; >+ if (!deviceManagementRestrictionsEnabled) >+ return WTF::nullopt; >+ >+ Optional<bool> allLoadsBlockedByDeviceManagementRestrictionsForTesting; >+ decoder >> allLoadsBlockedByDeviceManagementRestrictionsForTesting; >+ if (!allLoadsBlockedByDeviceManagementRestrictionsForTesting) >+ return WTF::nullopt; >+ > return {{ > sessionID > , WTFMove(*boundInterfaceIdentifier) >@@ -235,6 +248,8 @@ Optional<NetworkSessionCreationParameters> NetworkSessionCreationParameters::dec > , WTFMove(*enableResourceLoadStatistics) > , WTFMove(*shouldIncludeLocalhostInResourceLoadStatistics) > , WTFMove(*enableResourceLoadStatisticsDebugMode) >+ , WTFMove(*deviceManagementRestrictionsEnabled) >+ , WTFMove(*allLoadsBlockedByDeviceManagementRestrictionsForTesting) > , WTFMove(*resourceLoadStatisticsManualPrevalentResource) > , WTFMove(*localStorageDirectory) > , WTFMove(*localStorageDirectoryExtensionHandle) >diff --git a/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h b/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h >index 6fc07aed24b40a67daf4c176e4f7dbf15b0b70c5..6559947f00db576fa4184a5697586a3d5ad28021 100644 >--- a/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h >+++ b/Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h >@@ -86,6 +86,8 @@ struct NetworkSessionCreationParameters { > bool enableResourceLoadStatistics { false }; > bool shouldIncludeLocalhostInResourceLoadStatistics { true }; > bool enableResourceLoadStatisticsDebugMode { false }; >+ bool deviceManagementRestrictionsEnabled { false }; >+ bool allLoadsBlockedByDeviceManagementRestrictionsForTesting { false }; > WebCore::RegistrableDomain resourceLoadStatisticsManualPrevalentResource { }; > > String localStorageDirectory; >diff --git a/Source/WebKit/NetworkProcess/PingLoad.cpp b/Source/WebKit/NetworkProcess/PingLoad.cpp >index 21bc7a4e9b23e227151d010e49554d9ccc5f4b2e..fe8f03abf99dbcddaee0db2e56a2c2a73c013ac5 100644 >--- a/Source/WebKit/NetworkProcess/PingLoad.cpp >+++ b/Source/WebKit/NetworkProcess/PingLoad.cpp >@@ -200,6 +200,12 @@ void PingLoad::cannotShowURL() > didFinish(cannotShowURLError(ResourceRequest { currentURL() })); > } > >+void PingLoad::wasBlockedByRestrictions() >+{ >+ RELEASE_LOG_IF_ALLOWED("wasBlockedByRestrictions"); >+ didFinish(wasBlockedByRestrictionsError(ResourceRequest { currentURL() })); >+} >+ > void PingLoad::timeoutTimerFired() > { > RELEASE_LOG_IF_ALLOWED("timeoutTimerFired"); >diff --git a/Source/WebKit/NetworkProcess/PingLoad.h b/Source/WebKit/NetworkProcess/PingLoad.h >index c7e12bb130d049c5d0a597c01fe5bffc8b221bf9..50592b75298e2dd3521cce6800905fb8aaf5cb1d 100644 >--- a/Source/WebKit/NetworkProcess/PingLoad.h >+++ b/Source/WebKit/NetworkProcess/PingLoad.h >@@ -58,6 +58,7 @@ private: > void didSendData(uint64_t totalBytesSent, uint64_t totalBytesExpectedToSend) final; > void wasBlocked() final; > void cannotShowURL() final; >+ void wasBlockedByRestrictions() final; > void timeoutTimerFired(); > > void loadRequest(NetworkProcess&, WebCore::ResourceRequest&&); >diff --git a/Source/WebKit/NetworkProcess/cocoa/DeviceManagementSoftLink.h b/Source/WebKit/NetworkProcess/cocoa/DeviceManagementSoftLink.h >new file mode 100644 >index 0000000000000000000000000000000000000000..03837a6baf83f8c54741d7f2acd02c68bb079f87 >--- /dev/null >+++ b/Source/WebKit/NetworkProcess/cocoa/DeviceManagementSoftLink.h >@@ -0,0 +1,36 @@ >+/* >+ * Copyright (C) 2019 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#pragma once >+ >+#if HAVE(DEVICE_MANAGEMENT) >+ >+#import "DeviceManagementSPI.h" >+#import <wtf/SoftLinking.h> >+ >+SOFT_LINK_FRAMEWORK_FOR_HEADER(WebKit, DeviceManagement); >+SOFT_LINK_CLASS_FOR_HEADER(WebKit, DMFWebsitePolicyMonitor); >+ >+#endif // HAVE(DEVICE_MANAGEMENT) >diff --git a/Source/WebKit/NetworkProcess/cocoa/DeviceManagementSoftLink.mm b/Source/WebKit/NetworkProcess/cocoa/DeviceManagementSoftLink.mm >new file mode 100644 >index 0000000000000000000000000000000000000000..797c5e0d9071b7e7746021fa8938fe25121e80e0 >--- /dev/null >+++ b/Source/WebKit/NetworkProcess/cocoa/DeviceManagementSoftLink.mm >@@ -0,0 +1,36 @@ >+/* >+ * Copyright (C) 2019 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#import "config.h" >+ >+#if HAVE(DEVICE_MANAGEMENT) >+ >+#import "DeviceManagementSPI.h" >+#import <wtf/SoftLinking.h> >+ >+SOFT_LINK_PRIVATE_FRAMEWORK_FOR_SOURCE(WebKit, DeviceManagement); >+SOFT_LINK_CLASS_FOR_SOURCE(WebKit, DeviceManagement, DMFWebsitePolicyMonitor); >+ >+#endif // HAVE(DEVICE_MANAGEMENT) >diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h >index 2dd0e7d46bc719e96fa15074fed00b1c88665658..771b3ab59113e35197bb9ed284d0ecb0e230c6e2 100644 >--- a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h >+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.h >@@ -42,9 +42,9 @@ class NetworkSessionCocoa; > class NetworkDataTaskCocoa final : public NetworkDataTask { > friend class NetworkSessionCocoa; > public: >- static Ref<NetworkDataTask> create(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& request, uint64_t frameID, WebCore::PageIdentifier pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly, bool dataTaskIsForMainFrameNavigation, Optional<NetworkActivityTracker> networkActivityTracker) >+ static Ref<NetworkDataTask> create(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& request, uint64_t frameID, WebCore::PageIdentifier pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly, bool dataTaskIsForMainFrameNavigation, bool dataTaskIsForMainResourceNavigationForAnyFrame, Optional<NetworkActivityTracker> networkActivityTracker) > { >- return adoptRef(*new NetworkDataTaskCocoa(session, client, request, frameID, pageID, storedCredentialsPolicy, shouldContentSniff, shouldContentEncodingSniff, shouldClearReferrerOnHTTPSToHTTPRedirect, shouldPreconnectOnly, dataTaskIsForMainFrameNavigation, networkActivityTracker)); >+ return adoptRef(*new NetworkDataTaskCocoa(session, client, request, frameID, pageID, storedCredentialsPolicy, shouldContentSniff, shouldContentEncodingSniff, shouldClearReferrerOnHTTPSToHTTPRedirect, shouldPreconnectOnly, dataTaskIsForMainFrameNavigation, dataTaskIsForMainResourceNavigationForAnyFrame, networkActivityTracker)); > } > > ~NetworkDataTaskCocoa(); >@@ -75,7 +75,7 @@ public: > String description() const override; > > private: >- NetworkDataTaskCocoa(NetworkSession&, NetworkDataTaskClient&, const WebCore::ResourceRequest&, uint64_t frameID, WebCore::PageIdentifier, WebCore::StoredCredentialsPolicy, WebCore::ContentSniffingPolicy, WebCore::ContentEncodingSniffingPolicy, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly, bool dataTaskIsForMainFrameNavigation, Optional<NetworkActivityTracker>); >+ NetworkDataTaskCocoa(NetworkSession&, NetworkDataTaskClient&, const WebCore::ResourceRequest&, uint64_t frameID, WebCore::PageIdentifier, WebCore::StoredCredentialsPolicy, WebCore::ContentSniffingPolicy, WebCore::ContentEncodingSniffingPolicy, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly, bool dataTaskIsForMainFrameNavigation, bool dataTaskIsForMainResourceNavigationForAnyFrame, Optional<NetworkActivityTracker>); > > bool tryPasswordBasedAuthentication(const WebCore::AuthenticationChallenge&, ChallengeCompletionHandler&); > void applySniffingPoliciesAndBindRequestToInferfaceIfNeeded(__strong NSURLRequest*&, bool shouldContentSniff, bool shouldContentEncodingSniff); >@@ -98,6 +98,8 @@ private: > #if ENABLE(RESOURCE_LOAD_STATISTICS) > bool m_hasBeenSetToUseStatelessCookieStorage { false }; > #endif >+ >+ bool m_isForMainResourceNavigationForAnyFrame { false }; > }; > > WebCore::Credential serverTrustCredential(const WebCore::AuthenticationChallenge&); >diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm >index 28a05e80db685af67b284c842317194f97e87e3e..d9a9b80b0209a325df31b81064e9406f4a70ca66 100644 >--- a/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm >+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm >@@ -28,6 +28,7 @@ > > #import "AuthenticationChallengeDisposition.h" > #import "AuthenticationManager.h" >+#import "DeviceManagementSPI.h" > #import "Download.h" > #import "DownloadProxyMessages.h" > #import "Logging.h" >@@ -39,6 +40,7 @@ > #import <WebCore/NotImplemented.h> > #import <WebCore/ResourceRequest.h> > #import <pal/spi/cf/CFNetworkSPI.h> >+#import <wtf/BlockPtr.h> > #import <wtf/FileSystem.h> > #import <wtf/MainThread.h> > #import <wtf/ProcessPrivilege.h> >@@ -160,10 +162,11 @@ static void updateTaskWithFirstPartyForSameSiteCookies(NSURLSessionDataTask* tas > #endif > } > >-NetworkDataTaskCocoa::NetworkDataTaskCocoa(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials, uint64_t frameID, WebCore::PageIdentifier pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly, bool dataTaskIsForMainFrameNavigation, Optional<NetworkActivityTracker> networkActivityTracker) >+NetworkDataTaskCocoa::NetworkDataTaskCocoa(NetworkSession& session, NetworkDataTaskClient& client, const WebCore::ResourceRequest& requestWithCredentials, uint64_t frameID, WebCore::PageIdentifier pageID, WebCore::StoredCredentialsPolicy storedCredentialsPolicy, WebCore::ContentSniffingPolicy shouldContentSniff, WebCore::ContentEncodingSniffingPolicy shouldContentEncodingSniff, bool shouldClearReferrerOnHTTPSToHTTPRedirect, PreconnectOnly shouldPreconnectOnly, bool dataTaskIsForMainFrameNavigation, bool dataTaskIsForMainResourceNavigationForAnyFrame, Optional<NetworkActivityTracker> networkActivityTracker) > : NetworkDataTask(session, client, requestWithCredentials, storedCredentialsPolicy, shouldClearReferrerOnHTTPSToHTTPRedirect, dataTaskIsForMainFrameNavigation) > , m_frameID(frameID) > , m_pageID(pageID) >+ , m_isForMainResourceNavigationForAnyFrame(dataTaskIsForMainResourceNavigationForAnyFrame) > { > if (m_scheduledFailureType != NoFailure) > return; >@@ -489,6 +492,36 @@ void NetworkDataTaskCocoa::resume() > { > if (m_scheduledFailureType != NoFailure) > m_failureTimer.startOneShot(0_s); >+ >+ auto& cocoaSession = static_cast<NetworkSessionCocoa&>(m_session.get()); >+ if (cocoaSession.deviceManagementRestrictionsEnabled() && m_isForMainResourceNavigationForAnyFrame) { >+ auto didDetermineDeviceRestrictionPolicyForURL = makeBlockPtr([this, protectedThis = makeRef(*this)](BOOL isBlocked) { >+ callOnMainThread([this, protectedThis = makeRef(*this), isBlocked] { >+ if (isBlocked) { >+ scheduleFailure(RestrictedURLFailure); >+ return; >+ } >+ >+ [m_task resume]; >+ }); >+ }); >+ >+#if HAVE(DEVICE_MANAGEMENT) >+ if (cocoaSession.allLoadsBlockedByDeviceManagementRestrictionsForTesting()) >+ didDetermineDeviceRestrictionPolicyForURL(true); >+ else { >+ RetainPtr<NSURL> urlToCheck = [m_task currentRequest].URL; >+ [cocoaSession.deviceManagementPolicyMonitor() requestPoliciesForWebsites:@[ urlToCheck.get() ] completionHandler:makeBlockPtr([didDetermineDeviceRestrictionPolicyForURL, urlToCheck] (NSDictionary<NSURL *, NSNumber *> *policies, NSError *error) { >+ bool isBlocked = error || policies[urlToCheck.get()].integerValue != DMFPolicyOK; >+ didDetermineDeviceRestrictionPolicyForURL(isBlocked); >+ }).get()]; >+ } >+#else >+ didDetermineDeviceRestrictionPolicyForURL(cocoaSession.allLoadsBlockedByDeviceManagementRestrictionsForTesting()); >+#endif >+ return; >+ } >+ > [m_task resume]; > } > >diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h >index 3d1a49f27325f49675412540057ef110662140b2..2c31d878499bceca19112af3a61a6697b0a2292f 100644 >--- a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h >+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h >@@ -25,6 +25,7 @@ > > #pragma once > >+OBJC_CLASS DMFWebsitePolicyMonitor; > OBJC_CLASS NSData; > OBJC_CLASS NSURLSession; > OBJC_CLASS NSURLSessionDownloadTask; >@@ -69,6 +70,10 @@ public: > > void continueDidReceiveChallenge(const WebCore::AuthenticationChallenge&, NetworkDataTaskCocoa::TaskIdentifier, NetworkDataTaskCocoa*, CompletionHandler<void(WebKit::AuthenticationChallengeDisposition, const WebCore::Credential&)>&&); > >+ bool deviceManagementRestrictionsEnabled() const { return m_deviceManagementRestrictionsEnabled; } >+ bool allLoadsBlockedByDeviceManagementRestrictionsForTesting() const { return m_allLoadsBlockedByDeviceManagementRestrictionsForTesting; } >+ DMFWebsitePolicyMonitor *deviceManagementPolicyMonitor(); >+ > private: > NetworkSessionCocoa(NetworkProcess&, NetworkSessionCreationParameters&&); > >@@ -93,6 +98,9 @@ private: > String m_sourceApplicationBundleIdentifier; > String m_sourceApplicationSecondaryIdentifier; > RetainPtr<CFDictionaryRef> m_proxyConfiguration; >+ RetainPtr<DMFWebsitePolicyMonitor> m_deviceManagementPolicyMonitor; >+ bool m_deviceManagementRestrictionsEnabled { false }; >+ bool m_allLoadsBlockedByDeviceManagementRestrictionsForTesting { false }; > bool m_shouldLogCookieInformation { false }; > Seconds m_loadThrottleLatency; > }; >diff --git a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm >index c4ca391df7eb819a686dbbcf01fbcd647cee71db..9f8cf0ec218fa9bdcb721bd2c659b5f04ae2ad8a 100644 >--- a/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm >+++ b/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm >@@ -51,6 +51,7 @@ > #import <wtf/NeverDestroyed.h> > #import <wtf/ObjCRuntimeExtras.h> > #import <wtf/ProcessPrivilege.h> >+#import <wtf/SoftLinking.h> > #import <wtf/URL.h> > #import <wtf/text/WTFString.h> > >@@ -58,6 +59,8 @@ > #include <WebKitAdditions/NetworkSessionCocoaAdditions.h> > #endif > >+#import "DeviceManagementSoftLink.h" >+ > using namespace WebKit; > > CFStringRef const WebKit2HTTPProxyDefaultsKey = static_cast<CFStringRef>(@"WebKit2HTTPProxy"); >@@ -713,7 +716,7 @@ - (void)URLSession:(NSURLSession *)session dataTask:(NSURLSessionDataTask *)data > ASSERT(RunLoop::isMain()); > > // Avoid MIME type sniffing if the response comes back as 304 Not Modified. >- int statusCode = [response respondsToSelector:@selector(statusCode)] ? [(id)response statusCode] : 0; >+ int statusCode = [response isKindOfClass:NSHTTPURLResponse.class] ? [(NSHTTPURLResponse *)response statusCode] : 0; > if (statusCode != 304) { > bool isMainResourceLoad = networkDataTask->firstRequest().requester() == WebCore::ResourceRequest::Requester::Main; > WebCore::adjustMIMETypeIfNecessary(response._CFURLResponse, isMainResourceLoad); >@@ -981,6 +984,9 @@ NetworkSessionCocoa::NetworkSessionCocoa(NetworkProcess& networkProcess, Network > m_statelessSessionDelegate = adoptNS([[WKNetworkSessionDelegate alloc] initWithNetworkSession:*this withCredentials:false]); > m_statelessSession = [NSURLSession sessionWithConfiguration:configuration delegate:static_cast<id>(m_statelessSessionDelegate.get()) delegateQueue:[NSOperationQueue mainQueue]]; > >+ m_deviceManagementRestrictionsEnabled = parameters.deviceManagementRestrictionsEnabled; >+ m_allLoadsBlockedByDeviceManagementRestrictionsForTesting = parameters.allLoadsBlockedByDeviceManagementRestrictionsForTesting; >+ > #if ENABLE(RESOURCE_LOAD_STATISTICS) > m_resourceLoadStatisticsDirectory = parameters.resourceLoadStatisticsDirectory; > m_shouldIncludeLocalhostInResourceLoadStatistics = parameters.shouldIncludeLocalhostInResourceLoadStatistics ? ShouldIncludeLocalhost::Yes : ShouldIncludeLocalhost::No; >@@ -1167,4 +1173,17 @@ void NetworkSessionCocoa::continueDidReceiveChallenge(const WebCore::Authenticat > networkDataTask->didReceiveChallenge(WTFMove(authenticationChallenge), WTFMove(challengeCompletionHandler)); > } > >+DMFWebsitePolicyMonitor *NetworkSessionCocoa::deviceManagementPolicyMonitor() >+{ >+#if HAVE(DEVICE_MANAGEMENT) >+ ASSERT(m_deviceManagementRestrictionsEnabled); >+ if (!m_deviceManagementPolicyMonitor) >+ m_deviceManagementPolicyMonitor = adoptNS([allocDMFWebsitePolicyMonitorInstance() initWithPolicyChangeHandler:nil]); >+ return m_deviceManagementPolicyMonitor.get(); >+#else >+ RELEASE_ASSERT_NOT_REACHED(); >+ return nil; >+#endif >+} >+ > } >diff --git a/Source/WebKit/Platform/spi/Cocoa/DeviceManagementSPI.h b/Source/WebKit/Platform/spi/Cocoa/DeviceManagementSPI.h >new file mode 100644 >index 0000000000000000000000000000000000000000..a1cfd5b5e5e90117706a7858152c89c2b3545d16 >--- /dev/null >+++ b/Source/WebKit/Platform/spi/Cocoa/DeviceManagementSPI.h >@@ -0,0 +1,50 @@ >+/* >+ * Copyright (C) 2019 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#pragma once >+ >+#if HAVE(DEVICE_MANAGEMENT) >+ >+#if USE(APPLE_INTERNAL_SDK) >+ >+#import <DeviceManagement/DeviceManagement.h> >+ >+#else >+ >+@interface DMFWebsitePolicyMonitor : NSObject >+ >+- (instancetype)initWithPolicyChangeHandler:(void(^)(void))changeHandler; >+- (void)requestPoliciesForWebsites:(NSArray<NSURL *> *)websiteURLs completionHandler:(void (^)(NSDictionary<NSURL *, NSNumber *> *policies, NSError *error))completionHandler; >+ >+@end >+ >+typedef NS_ENUM(NSInteger, DMFPolicy) { >+ DMFPolicyOK = 0, >+ DMFPolicyBlocked = 4, >+}; >+ >+#endif // USE(APPLE_INTERNAL_SDK) >+ >+#endif // HAVE(DEVICE_MANAGEMENT) >diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb >index da60b1bbfe2c960c0ab88e32b82a02d57007052a..80716ec64348bfb448ede6762d4c0dd9c19cdf7f 100644 >--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb >+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb >@@ -82,6 +82,11 @@ > (global-name "com.apple.passd.in-app-payment") > (global-name "com.apple.passd.library")) > >+(allow mach-lookup >+ (global-name "com.apple.dmd.policy") >+ (global-name "com.apple.siri.context.service") >+ (global-name "com.apple.ctcategories.service")) >+ > (deny file-write-create > (vnode-type SYMLINK)) > >diff --git a/Source/WebKit/Shared/API/APIError.h b/Source/WebKit/Shared/API/APIError.h >index 442d676ed27499f0f2a2bd4cd5472d74139dd3dd..87367cd243158f107dcc3b03ab2a806b79d0d07e 100644 >--- a/Source/WebKit/Shared/API/APIError.h >+++ b/Source/WebKit/Shared/API/APIError.h >@@ -65,7 +65,8 @@ public: > FrameLoadInterruptedByPolicyChange = 102, > CannotUseRestrictedPort = 103, > FrameLoadBlockedByContentBlocker = 104, >- FrameLoadBlockedByContentFilter = 105 >+ FrameLoadBlockedByContentFilter = 105, >+ FrameLoadBlockedByRestrictions = 106, > }; > static const WTF::String& webKitPolicyErrorDomain(); > >diff --git a/Source/WebKit/Shared/API/c/WKErrorRef.cpp b/Source/WebKit/Shared/API/c/WKErrorRef.cpp >index 4793a57fd2f154fec71d984b78fb48ad8492912e..e6ce6d94a13782690896ec7b307223400b3fe392 100644 >--- a/Source/WebKit/Shared/API/c/WKErrorRef.cpp >+++ b/Source/WebKit/Shared/API/c/WKErrorRef.cpp >@@ -58,6 +58,8 @@ int WKErrorGetErrorCode(WKErrorRef errorRef) > return kWKErrorCodeCannotUseRestrictedPort; > case API::Error::Policy::FrameLoadBlockedByContentBlocker: > return kWKErrorCodeFrameLoadBlockedByContentBlocker; >+ case API::Error::Policy::FrameLoadBlockedByRestrictions: >+ return kWKErrorCodeFrameLoadBlockedByRestrictions; > case API::Error::Policy::FrameLoadBlockedByContentFilter: > return kWKErrorCodeFrameLoadBlockedByContentFilter; > case API::Error::Plugin::CannotFindPlugIn: >diff --git a/Source/WebKit/Shared/API/c/WKErrorRef.h b/Source/WebKit/Shared/API/c/WKErrorRef.h >index 0d76384d344a0105a778a5e5d7b78fc46830368d..e990c4429d4721693850a905779cf86c4167bced 100644 >--- a/Source/WebKit/Shared/API/c/WKErrorRef.h >+++ b/Source/WebKit/Shared/API/c/WKErrorRef.h >@@ -39,6 +39,7 @@ enum { > kWKErrorCodeCannotUseRestrictedPort = 103, > kWKErrorCodeFrameLoadBlockedByContentBlocker = 104, > kWKErrorCodeFrameLoadBlockedByContentFilter = 105, >+ kWKErrorCodeFrameLoadBlockedByRestrictions = 106, > kWKErrorCodeCannotFindPlugIn = 200, > kWKErrorCodeCannotLoadPlugIn = 201, > kWKErrorCodeJavaUnavailable = 202, >diff --git a/Source/WebKit/Shared/WebErrors.cpp b/Source/WebKit/Shared/WebErrors.cpp >index b6dc50ceb55caf65bbe19af6e327d512009a3fa8..6cfa25c66add17ad7b314eeab75efb41ce7c5254 100644 >--- a/Source/WebKit/Shared/WebErrors.cpp >+++ b/Source/WebKit/Shared/WebErrors.cpp >@@ -52,6 +52,11 @@ ResourceError cannotShowURLError(const ResourceRequest& request) > return ResourceError(API::Error::webKitPolicyErrorDomain(), API::Error::Policy::CannotShowURL, request.url(), WEB_UI_STRING("The URL canât be shown", "WebKitErrorCannotShowURL description")); > } > >+ResourceError wasBlockedByRestrictionsError(const ResourceRequest& request) >+{ >+ return ResourceError(API::Error::webKitPolicyErrorDomain(), API::Error::Policy::FrameLoadBlockedByRestrictions, request.url(), WEB_UI_STRING("The URL was blocked by device restrictions", "WebKitErrorFrameLoadBlockedByRestrictions description")); >+} >+ > ResourceError interruptedForPolicyChangeError(const ResourceRequest& request) > { > return ResourceError(API::Error::webKitPolicyErrorDomain(), API::Error::Policy::FrameLoadInterruptedByPolicyChange, request.url(), WEB_UI_STRING("Frame load interrupted", "WebKitErrorFrameLoadInterruptedByPolicyChange description")); >diff --git a/Source/WebKit/Shared/WebErrors.h b/Source/WebKit/Shared/WebErrors.h >index 7d600c6d23b55dcc39630990407ce744446cb486..9f0a002b6cb1a6152a1d8837aea9b4c2f8a2ab0e 100644 >--- a/Source/WebKit/Shared/WebErrors.h >+++ b/Source/WebKit/Shared/WebErrors.h >@@ -39,6 +39,7 @@ WebCore::ResourceError cancelledError(const WebCore::ResourceRequest&); > WebCore::ResourceError blockedError(const WebCore::ResourceRequest&); > WebCore::ResourceError blockedByContentBlockerError(const WebCore::ResourceRequest&); > WebCore::ResourceError cannotShowURLError(const WebCore::ResourceRequest&); >+WebCore::ResourceError wasBlockedByRestrictionsError(const WebCore::ResourceRequest&); > WebCore::ResourceError interruptedForPolicyChangeError(const WebCore::ResourceRequest&); > WebCore::ResourceError failedCustomProtocolSyncLoad(const WebCore::ResourceRequest&); > #if ENABLE(CONTENT_FILTERING) >diff --git a/Source/WebKit/UIProcess/API/APIWebsiteDataStore.cpp b/Source/WebKit/UIProcess/API/APIWebsiteDataStore.cpp >index f74b2c5db97f12d82506206e7896ecbb2960df5f..949974024800fb237f53caf8df8dc1b2a698c744 100644 >--- a/Source/WebKit/UIProcess/API/APIWebsiteDataStore.cpp >+++ b/Source/WebKit/UIProcess/API/APIWebsiteDataStore.cpp >@@ -145,6 +145,8 @@ Ref<WebKit::WebsiteDataStoreConfiguration> WebsiteDataStore::defaultDataStoreCon > { > auto configuration = WebKit::WebsiteDataStoreConfiguration::create(); > >+ configuration->setPersistent(true); >+ > configuration->setApplicationCacheDirectory(defaultApplicationCacheDirectory()); > configuration->setApplicationCacheFlatFileSubdirectoryName("Files"); > configuration->setCacheStorageDirectory(defaultCacheStorageDirectory()); >diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKErrorPrivate.h b/Source/WebKit/UIProcess/API/Cocoa/WKErrorPrivate.h >index f9c12d23ce67da151bf69bce2e4632cf634223ce..b5d4c3dc15b35a5062508d80460333a25f099e37 100644 >--- a/Source/WebKit/UIProcess/API/Cocoa/WKErrorPrivate.h >+++ b/Source/WebKit/UIProcess/API/Cocoa/WKErrorPrivate.h >@@ -29,6 +29,7 @@ WK_EXTERN NSString * const _WKLegacyErrorDomain WK_API_AVAILABLE(macos(10.11), i > > typedef NS_ENUM(NSInteger, _WKLegacyErrorCode) { > _WKErrorCodeFrameLoadInterruptedByPolicyChange WK_API_AVAILABLE(macos(10.11), ios(9.0)) = 102, >+ _WKErrorCodeFrameLoadBlockedByRestrictions WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)) = 106, > _WKLegacyErrorPlugInWillHandleLoad = 204, > } WK_API_AVAILABLE(macos(10.11), ios(8.3)); > >diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm b/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm >index 1688a0aca8196044e66f2e1475136da685a074b6..b0ac76bef1229d0b3f07fe86f971ab31c60461b9 100644 >--- a/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm >+++ b/Source/WebKit/UIProcess/API/Cocoa/WKProcessPool.mm >@@ -584,7 +584,7 @@ - (void)_synthesizeAppIsBackground:(BOOL)background > _processPool->synthesizeAppIsBackground(background); > } > >-- (void)_setAllowsAnySSLCertificateForServiceWorker:(BOOL) allows >+- (void)_setAllowsAnySSLCertificateForServiceWorker:(BOOL)allows > { > #if ENABLE(SERVICE_WORKER) > _processPool->setAllowsAnySSLCertificateForServiceWorker(allows); >diff --git a/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm b/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm >index 26298ebcec5774e340661ea9fb1a4b28ea50a343..3db26c1d988828d6212befbba485090d70147861 100644 >--- a/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm >+++ b/Source/WebKit/UIProcess/API/Cocoa/WKWebsiteDataStore.mm >@@ -229,22 +229,35 @@ - (instancetype)_initWithConfiguration:(_WKWebsiteDataStoreConfiguration *)confi > if (!(self = [super init])) > return nil; > >- auto config = API::WebsiteDataStore::defaultDataStoreConfiguration(); >- >- if (configuration._webStorageDirectory) >- config->setLocalStorageDirectory(configuration._webStorageDirectory.path); >- if (configuration._webSQLDatabaseDirectory) >- config->setWebSQLDatabaseDirectory(configuration._webSQLDatabaseDirectory.path); >- if (configuration._indexedDBDatabaseDirectory) >- config->setIndexedDBDatabaseDirectory(configuration._indexedDBDatabaseDirectory.path); >- if (configuration._cookieStorageFile) >- config->setCookieStorageFile(configuration._cookieStorageFile.path); >- if (configuration._resourceLoadStatisticsDirectory) >- config->setResourceLoadStatisticsDirectory(configuration._resourceLoadStatisticsDirectory.path); >- if (configuration._cacheStorageDirectory) >- config->setCacheStorageDirectory(configuration._cacheStorageDirectory.path); >- if (configuration._serviceWorkerRegistrationDirectory) >- config->setServiceWorkerRegistrationDirectory(configuration._serviceWorkerRegistrationDirectory.path); >+ auto config = configuration.isPersistent ? API::WebsiteDataStore::defaultDataStoreConfiguration() : WebKit::WebsiteDataStoreConfiguration::create(); >+ >+ RELEASE_ASSERT(config->isPersistent() == configuration.isPersistent); >+ >+ if (configuration.isPersistent) { >+ if (configuration._webStorageDirectory) >+ config->setLocalStorageDirectory(configuration._webStorageDirectory.path); >+ if (configuration._webSQLDatabaseDirectory) >+ config->setWebSQLDatabaseDirectory(configuration._webSQLDatabaseDirectory.path); >+ if (configuration._indexedDBDatabaseDirectory) >+ config->setIndexedDBDatabaseDirectory(configuration._indexedDBDatabaseDirectory.path); >+ if (configuration._cookieStorageFile) >+ config->setCookieStorageFile(configuration._cookieStorageFile.path); >+ if (configuration._resourceLoadStatisticsDirectory) >+ config->setResourceLoadStatisticsDirectory(configuration._resourceLoadStatisticsDirectory.path); >+ if (configuration._cacheStorageDirectory) >+ config->setCacheStorageDirectory(configuration._cacheStorageDirectory.path); >+ if (configuration._serviceWorkerRegistrationDirectory) >+ config->setServiceWorkerRegistrationDirectory(configuration._serviceWorkerRegistrationDirectory.path); >+ } else { >+ RELEASE_ASSERT(!configuration._webStorageDirectory); >+ RELEASE_ASSERT(!configuration._webSQLDatabaseDirectory); >+ RELEASE_ASSERT(!configuration._indexedDBDatabaseDirectory); >+ RELEASE_ASSERT(!configuration._cookieStorageFile); >+ RELEASE_ASSERT(!configuration._resourceLoadStatisticsDirectory); >+ RELEASE_ASSERT(!configuration._cacheStorageDirectory); >+ RELEASE_ASSERT(!configuration._serviceWorkerRegistrationDirectory); >+ } >+ > if (configuration.sourceApplicationBundleIdentifier) > config->setSourceApplicationBundleIdentifier(configuration.sourceApplicationBundleIdentifier); > if (configuration.sourceApplicationSecondaryIdentifier) >@@ -253,8 +266,12 @@ - (instancetype)_initWithConfiguration:(_WKWebsiteDataStoreConfiguration *)confi > config->setHTTPProxy(configuration.httpProxy); > if (configuration.httpsProxy) > config->setHTTPSProxy(configuration.httpsProxy); >+ config->setDeviceManagementRestrictionsEnabled(configuration.deviceManagementRestrictionsEnabled); >+ config->setAllLoadsBlockedByDeviceManagementRestrictionsForTesting(configuration.allLoadsBlockedByDeviceManagementRestrictionsForTesting); >+ >+ auto sessionID = configuration.isPersistent ? PAL::SessionID::generatePersistentSessionID() : PAL::SessionID::generateEphemeralSessionID(); > >- API::Object::constructInWrapper<API::WebsiteDataStore>(self, WTFMove(config), PAL::SessionID::generatePersistentSessionID()); >+ API::Object::constructInWrapper<API::WebsiteDataStore>(self, WTFMove(config), sessionID); > > return self; > } >diff --git a/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h b/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h >index 59f984e487adf3f042d96737a9b47da79e22d3b0..06a70ee64c2d8782eaf33a2795b1f85c7379408b 100644 >--- a/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h >+++ b/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.h >@@ -32,6 +32,20 @@ NS_ASSUME_NONNULL_BEGIN > WK_CLASS_AVAILABLE(macos(10.13), ios(11.0)) > @interface _WKWebsiteDataStoreConfiguration : NSObject > >+- (instancetype)init; // Creates a persistent configuration. >+- (instancetype)initNonPersistentConfiguration WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); >+ >+@property (nonatomic, readonly, getter=isPersistent) BOOL persistent WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); >+ >+// These properties apply to both persistent and non-persistent data stores. >+@property (nonatomic, nullable, copy) NSString *sourceApplicationBundleIdentifier WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); >+@property (nonatomic, nullable, copy) NSString *sourceApplicationSecondaryIdentifier WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); >+@property (nonatomic, nullable, copy, setter=setHTTPProxy:) NSURL *httpProxy WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); >+@property (nonatomic, nullable, copy, setter=setHTTPSProxy:) NSURL *httpsProxy WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); >+@property (nonatomic) BOOL deviceManagementRestrictionsEnabled WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); >+ >+// These properties only make sense for persistent data stores, and will throw >+// an exception if set for non-persistent stores. > @property (nonatomic, copy, setter=_setWebStorageDirectory:) NSURL *_webStorageDirectory; > @property (nonatomic, copy, setter=_setIndexedDBDatabaseDirectory:) NSURL *_indexedDBDatabaseDirectory; > @property (nonatomic, copy, setter=_setWebSQLDatabaseDirectory:) NSURL *_webSQLDatabaseDirectory; >@@ -39,10 +53,9 @@ WK_CLASS_AVAILABLE(macos(10.13), ios(11.0)) > @property (nonatomic, copy, setter=_setResourceLoadStatisticsDirectory:) NSURL *_resourceLoadStatisticsDirectory WK_API_AVAILABLE(macos(10.13.4), ios(11.3)); > @property (nonatomic, copy, setter=_setCacheStorageDirectory:) NSURL *_cacheStorageDirectory WK_API_AVAILABLE(macos(10.13.4), ios(11.3)); > @property (nonatomic, copy, setter=_setServiceWorkerRegistrationDirectory:) NSURL *_serviceWorkerRegistrationDirectory WK_API_AVAILABLE(macos(10.13.4), ios(11.3)); >-@property (nonatomic, nullable, copy) NSString *sourceApplicationBundleIdentifier WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); >-@property (nonatomic, nullable, copy) NSString *sourceApplicationSecondaryIdentifier WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); >-@property (nonatomic, nullable, copy, setter=setHTTPProxy:) NSURL *httpProxy WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); >-@property (nonatomic, nullable, copy, setter=setHTTPSProxy:) NSURL *httpsProxy WK_API_AVAILABLE(macos(10.14.4), ios(12.2)); >+ >+// Testing only. >+@property (nonatomic) BOOL allLoadsBlockedByDeviceManagementRestrictionsForTesting WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA)); > > @end > >diff --git a/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm b/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm >index 2a0510ec89f5eab81c53f27e2e0d0036f60ba029..267a3f54c264d2fa8b753bef51d6debf7c3a5b06 100644 >--- a/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm >+++ b/Source/WebKit/UIProcess/API/Cocoa/_WKWebsiteDataStoreConfiguration.mm >@@ -36,6 +36,33 @@ static void checkURLArgument(NSURL *url) > > @implementation _WKWebsiteDataStoreConfiguration > >+- (instancetype)init >+{ >+ self = [super init]; >+ if (!self) >+ return nil; >+ >+ _configuration->setPersistent(true); >+ >+ return self; >+} >+ >+- (instancetype)initNonPersistentConfiguration >+{ >+ self = [super init]; >+ if (!self) >+ return nil; >+ >+ _configuration->setPersistent(false); >+ >+ return self; >+} >+ >+- (BOOL)isPersistent >+{ >+ return _configuration->isPersistent(); >+} >+ > - (NSURL *)_webStorageDirectory > { > return [NSURL fileURLWithPath:_configuration->webStorageDirectory() isDirectory:YES]; >@@ -43,6 +70,8 @@ - (NSURL *)_webStorageDirectory > > - (void)_setWebStorageDirectory:(NSURL *)url > { >+ if (!_configuration->isPersistent()) >+ [NSException raise:NSInvalidArgumentException format:@"Cannot set _webStorageDirectory on a non-persistent _WKWebsiteDataStoreConfiguration."]; > checkURLArgument(url); > _configuration->setWebStorageDirectory(url.path); > } >@@ -54,6 +83,8 @@ - (NSURL *)_indexedDBDatabaseDirectory > > - (void)_setIndexedDBDatabaseDirectory:(NSURL *)url > { >+ if (!_configuration->isPersistent()) >+ [NSException raise:NSInvalidArgumentException format:@"Cannot set _indexedDBDatabaseDirectory on a non-persistent _WKWebsiteDataStoreConfiguration."]; > checkURLArgument(url); > _configuration->setIndexedDBDatabaseDirectory(url.path); > } >@@ -65,6 +96,8 @@ - (NSURL *)_webSQLDatabaseDirectory > > - (void)_setWebSQLDatabaseDirectory:(NSURL *)url > { >+ if (!_configuration->isPersistent()) >+ [NSException raise:NSInvalidArgumentException format:@"Cannot set _webSQLDatabaseDirectory on a non-persistent _WKWebsiteDataStoreConfiguration."]; > checkURLArgument(url); > _configuration->setWebSQLDatabaseDirectory(url.path); > } >@@ -96,6 +129,8 @@ - (NSURL *)_cookieStorageFile > > - (void)_setCookieStorageFile:(NSURL *)url > { >+ if (!_configuration->isPersistent()) >+ [NSException raise:NSInvalidArgumentException format:@"Cannot set _cookieStorageFile on a non-persistent _WKWebsiteDataStoreConfiguration."]; > checkURLArgument(url); > if ([url hasDirectoryPath]) > [NSException raise:NSInvalidArgumentException format:@"The cookie storage path must point to a file, not a directory."]; >@@ -110,6 +145,8 @@ - (NSURL *)_resourceLoadStatisticsDirectory > > - (void)_setResourceLoadStatisticsDirectory:(NSURL *)url > { >+ if (!_configuration->isPersistent()) >+ [NSException raise:NSInvalidArgumentException format:@"Cannot set _resourceLoadStatisticsDirectory on a non-persistent _WKWebsiteDataStoreConfiguration."]; > checkURLArgument(url); > _configuration->setResourceLoadStatisticsDirectory(url.path); > } >@@ -121,6 +158,8 @@ - (NSURL *)_cacheStorageDirectory > > - (void)_setCacheStorageDirectory:(NSURL *)url > { >+ if (!_configuration->isPersistent()) >+ [NSException raise:NSInvalidArgumentException format:@"Cannot set _cacheStorageDirectory on a non-persistent _WKWebsiteDataStoreConfiguration."]; > checkURLArgument(url); > _configuration->setCacheStorageDirectory(url.path); > } >@@ -132,6 +171,8 @@ - (NSURL *)_serviceWorkerRegistrationDirectory > > - (void)_setServiceWorkerRegistrationDirectory:(NSURL *)url > { >+ if (!_configuration->isPersistent()) >+ [NSException raise:NSInvalidArgumentException format:@"Cannot set _serviceWorkerRegistrationDirectory on a non-persistent _WKWebsiteDataStoreConfiguration."]; > checkURLArgument(url); > _configuration->setServiceWorkerRegistrationDirectory(url.path); > } >@@ -156,6 +197,26 @@ - (void)setSourceApplicationSecondaryIdentifier:(NSString *)identifier > _configuration->setSourceApplicationSecondaryIdentifier(identifier); > } > >+- (BOOL)deviceManagementRestrictionsEnabled >+{ >+ return _configuration->deviceManagementRestrictionsEnabled(); >+} >+ >+- (void)setDeviceManagementRestrictionsEnabled:(BOOL)enabled >+{ >+ _configuration->setDeviceManagementRestrictionsEnabled(enabled); >+} >+ >+- (BOOL)allLoadsBlockedByDeviceManagementRestrictionsForTesting >+{ >+ return _configuration->allLoadsBlockedByDeviceManagementRestrictionsForTesting(); >+} >+ >+- (void)setAllLoadsBlockedByDeviceManagementRestrictionsForTesting:(BOOL)blocked >+{ >+ _configuration->setAllLoadsBlockedByDeviceManagementRestrictionsForTesting(blocked); >+} >+ > - (API::Object&)_apiObject > { > return *_configuration; >diff --git a/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm b/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm >index 05425c0751e238ee19259b3d0254f0691ca347da..2a56a7436e8a00860a5c0bd1120533392319c225 100644 >--- a/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm >+++ b/Source/WebKit/UIProcess/WebsiteData/Cocoa/WebsiteDataStoreCocoa.mm >@@ -131,6 +131,8 @@ WebsiteDataStoreParameters WebsiteDataStore::parameters() > false, > shouldIncludeLocalhostInResourceLoadStatistics, > enableResourceLoadStatisticsDebugMode, >+ m_configuration->deviceManagementRestrictionsEnabled(), >+ m_configuration->allLoadsBlockedByDeviceManagementRestrictionsForTesting(), > WTFMove(resourceLoadStatisticsManualPrevalentResource), > WTFMove(localStorageDirectory), > WTFMove(localStorageDirectoryExtensionHandle) >diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp >index 99f57e4ae3a4e1437b54b25250f7217a3120a2ee..aeb80cdc6252f8824c10b04cdf8ce174167bae57 100644 >--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp >+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.cpp >@@ -39,6 +39,8 @@ Ref<WebsiteDataStoreConfiguration> WebsiteDataStoreConfiguration::copy() > { > auto copy = WebsiteDataStoreConfiguration::create(); > >+ copy->m_isPersistent = this->m_isPersistent; >+ > copy->m_cacheStorageDirectory = this->m_cacheStorageDirectory; > copy->m_perOriginStorageQuota = this->m_perOriginStorageQuota; > copy->m_networkCacheDirectory = this->m_networkCacheDirectory; >@@ -59,6 +61,8 @@ Ref<WebsiteDataStoreConfiguration> WebsiteDataStoreConfiguration::copy() > copy->m_sourceApplicationSecondaryIdentifier = this->m_sourceApplicationSecondaryIdentifier; > copy->m_httpProxy = this->m_httpProxy; > copy->m_httpsProxy = this->m_httpsProxy; >+ copy->m_deviceManagementRestrictionsEnabled = this->m_deviceManagementRestrictionsEnabled; >+ copy->m_allLoadsBlockedByDeviceManagementRestrictionsForTesting = this->m_allLoadsBlockedByDeviceManagementRestrictionsForTesting; > > return copy; > } >diff --git a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h >index df17adc5e4d32d021558e6494a3e369787f59f70..ea3d8e2f19d0565cf4bc5fab66a4bfaabd5bbbd8 100644 >--- a/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h >+++ b/Source/WebKit/UIProcess/WebsiteData/WebsiteDataStoreConfiguration.h >@@ -38,7 +38,10 @@ public: > > Ref<WebsiteDataStoreConfiguration> copy(); > >- uint64_t perOriginStorageQuota() { return m_perOriginStorageQuota; } >+ bool isPersistent() const { return m_isPersistent; } >+ void setPersistent(bool isPersistent) { m_isPersistent = isPersistent; } >+ >+ uint64_t perOriginStorageQuota() const { return m_perOriginStorageQuota; } > void setPerOriginStorageQuota(uint64_t quota) { m_perOriginStorageQuota = quota; } > > const String& applicationCacheDirectory() const { return m_applicationCacheDirectory; } >@@ -98,9 +101,17 @@ public: > const URL& httpsProxy() const { return m_httpsProxy; } > void setHTTPSProxy(URL&& proxy) { m_httpsProxy = WTFMove(proxy); } > >+ bool deviceManagementRestrictionsEnabled() const { return m_deviceManagementRestrictionsEnabled; } >+ void setDeviceManagementRestrictionsEnabled(bool enabled) { m_deviceManagementRestrictionsEnabled = enabled; } >+ >+ bool allLoadsBlockedByDeviceManagementRestrictionsForTesting() const { return m_allLoadsBlockedByDeviceManagementRestrictionsForTesting; } >+ void setAllLoadsBlockedByDeviceManagementRestrictionsForTesting(bool blocked) { m_allLoadsBlockedByDeviceManagementRestrictionsForTesting = blocked; } >+ > private: > WebsiteDataStoreConfiguration(); > >+ bool m_isPersistent { false }; >+ > String m_cacheStorageDirectory; > uint64_t m_perOriginStorageQuota { WebCore::StorageQuotaManager::defaultQuota() }; > String m_networkCacheDirectory; >@@ -121,6 +132,8 @@ private: > String m_sourceApplicationSecondaryIdentifier; > URL m_httpProxy; > URL m_httpsProxy; >+ bool m_deviceManagementRestrictionsEnabled { false }; >+ bool m_allLoadsBlockedByDeviceManagementRestrictionsForTesting { false }; > }; > > } >diff --git a/Source/WebKit/WebKit.xcodeproj/project.pbxproj b/Source/WebKit/WebKit.xcodeproj/project.pbxproj >index ddb3a3000caef7235c2646cd0f4048cbceb560a2..957328c019866d0edc67c464309e03bc1377c5e3 100644 >--- a/Source/WebKit/WebKit.xcodeproj/project.pbxproj >+++ b/Source/WebKit/WebKit.xcodeproj/project.pbxproj >@@ -430,6 +430,8 @@ > 2984F589164BA095004BC0C6 /* LegacyCustomProtocolManagerMessages.h in Headers */ = {isa = PBXBuildFile; fileRef = 2984F587164BA095004BC0C6 /* LegacyCustomProtocolManagerMessages.h */; }; > 29AD3093164B4C5D0072DEA9 /* LegacyCustomProtocolManagerProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = 29AD3092164B4C5D0072DEA9 /* LegacyCustomProtocolManagerProxy.h */; }; > 29CD55AA128E294F00133C85 /* WKAccessibilityWebPageObjectBase.h in Headers */ = {isa = PBXBuildFile; fileRef = 29CD55A8128E294F00133C85 /* WKAccessibilityWebPageObjectBase.h */; }; >+ 2D0C56FD229F1DEA00BD33E7 /* DeviceManagementSoftLink.h in Headers */ = {isa = PBXBuildFile; fileRef = 2D0C56FB229F1DEA00BD33E7 /* DeviceManagementSoftLink.h */; }; >+ 2D0C56FE229F1DEA00BD33E7 /* DeviceManagementSoftLink.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D0C56FC229F1DEA00BD33E7 /* DeviceManagementSoftLink.mm */; }; > 2D1087611D2C573E00B85F82 /* LoadParameters.h in Headers */ = {isa = PBXBuildFile; fileRef = 2D10875F1D2C573E00B85F82 /* LoadParameters.h */; }; > 2D11B7512126A282006F8878 /* UnifiedSource1-mm.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D7DEC9421269E4C00B9F73C /* UnifiedSource1-mm.mm */; }; > 2D11B7522126A282006F8878 /* UnifiedSource1.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 2D7DED5B21269E4D00B9F73C /* UnifiedSource1.cpp */; }; >@@ -702,6 +704,7 @@ > 2DA6731A20C754B1003CB401 /* DynamicViewportSizeUpdate.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DA6731920C754B1003CB401 /* DynamicViewportSizeUpdate.h */; }; > 2DA944A01884E4F000ED86DB /* WebIOSEventFactory.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DA944991884E4F000ED86DB /* WebIOSEventFactory.h */; }; > 2DA944A41884E4F000ED86DB /* GestureTypes.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DA9449D1884E4F000ED86DB /* GestureTypes.h */; }; >+ 2DAADA8F2298C21000E36B0C /* DeviceManagementSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DAADA8E2298C21000E36B0C /* DeviceManagementSPI.h */; }; > 2DABA7721A817B1700EF0F1A /* WKPageRenderingProgressEventsInternal.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DABA7711A817B1700EF0F1A /* WKPageRenderingProgressEventsInternal.h */; }; > 2DABA7741A817EE600EF0F1A /* WKPluginLoadPolicy.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DABA7731A817EE600EF0F1A /* WKPluginLoadPolicy.h */; settings = {ATTRIBUTES = (Private, ); }; }; > 2DABA7761A82B42100EF0F1A /* APIHistoryClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 2DABA7751A82B42100EF0F1A /* APIHistoryClient.h */; }; >@@ -2506,6 +2509,8 @@ > 29D04E2821F7C73D0076741D /* AccessibilityPrivSPI.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = AccessibilityPrivSPI.h; sourceTree = "<group>"; }; > 2D0035221BC7414800DA8716 /* PDFPlugin.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = PDFPlugin.h; path = PDF/PDFPlugin.h; sourceTree = "<group>"; }; > 2D0035231BC7414800DA8716 /* PDFPlugin.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = PDFPlugin.mm; path = PDF/PDFPlugin.mm; sourceTree = "<group>"; }; >+ 2D0C56FB229F1DEA00BD33E7 /* DeviceManagementSoftLink.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DeviceManagementSoftLink.h; sourceTree = "<group>"; }; >+ 2D0C56FC229F1DEA00BD33E7 /* DeviceManagementSoftLink.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DeviceManagementSoftLink.mm; sourceTree = "<group>"; }; > 2D0CF64B21F2A80300787566 /* TextCheckingController.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = TextCheckingController.mm; sourceTree = "<group>"; }; > 2D0CF64C21F2A80300787566 /* TextCheckingController.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = TextCheckingController.h; sourceTree = "<group>"; }; > 2D10875E1D2C573E00B85F82 /* LoadParameters.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = LoadParameters.cpp; sourceTree = "<group>"; }; >@@ -2798,6 +2803,7 @@ > 2DA944AC1884E9BA00ED86DB /* WebProcessProxyIOS.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = WebProcessProxyIOS.mm; path = ios/WebProcessProxyIOS.mm; sourceTree = "<group>"; }; > 2DA944B61884EA3500ED86DB /* WebPageIOS.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = WebPageIOS.mm; path = ios/WebPageIOS.mm; sourceTree = "<group>"; }; > 2DA944BC188511E700ED86DB /* NetworkProcessIOS.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = NetworkProcessIOS.mm; sourceTree = "<group>"; }; >+ 2DAADA8E2298C21000E36B0C /* DeviceManagementSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DeviceManagementSPI.h; sourceTree = "<group>"; }; > 2DABA7711A817B1700EF0F1A /* WKPageRenderingProgressEventsInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKPageRenderingProgressEventsInternal.h; sourceTree = "<group>"; }; > 2DABA7731A817EE600EF0F1A /* WKPluginLoadPolicy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKPluginLoadPolicy.h; sourceTree = "<group>"; }; > 2DABA7751A82B42100EF0F1A /* APIHistoryClient.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = APIHistoryClient.h; sourceTree = "<group>"; }; >@@ -6105,6 +6111,7 @@ > 37C21CAD1E994C0C0029D5F9 /* CorePredictionSPI.h */, > A1FB68261F6E51C100C43F9F /* CrashReporterClientSPI.h */, > 57DCEDAA214B9B430016B847 /* DeviceIdentitySPI.h */, >+ 2DAADA8E2298C21000E36B0C /* DeviceManagementSPI.h */, > 3754D5441B3A29FD003A4C7F /* NSInvocationSPI.h */, > 37B47E2C1D64DB76005F4EFF /* objcSPI.h */, > 0E97D74C200E8FF300BF6643 /* SafeBrowsingSPI.h */, >@@ -7136,6 +7143,8 @@ > 7EC4F0F818E4A922008056AF /* cocoa */ = { > isa = PBXGroup; > children = ( >+ 2D0C56FB229F1DEA00BD33E7 /* DeviceManagementSoftLink.h */, >+ 2D0C56FC229F1DEA00BD33E7 /* DeviceManagementSoftLink.mm */, > 5315876B2076B713004BF9F3 /* NetworkActivityTrackerCocoa.mm */, > 5321594F1DBAE6D70054AA3C /* NetworkDataTaskCocoa.h */, > 5CBC9B8B1C65257300A8FDCF /* NetworkDataTaskCocoa.mm */, >@@ -9223,6 +9232,8 @@ > BC032DA610F437D10058C15A /* Decoder.h in Headers */, > 57DCEDAB214C60090016B847 /* DeviceIdentitySPI.h in Headers */, > 07297F9F1C17BBEA015F0735 /* DeviceIdHashSaltStorage.h in Headers */, >+ 2D0C56FD229F1DEA00BD33E7 /* DeviceManagementSoftLink.h in Headers */, >+ 2DAADA8F2298C21000E36B0C /* DeviceManagementSPI.h in Headers */, > 83891B6C1A68C30B0030F386 /* DiagnosticLoggingClient.h in Headers */, > C18173612058424700DFDA65 /* DisplayLink.h in Headers */, > 5C1427021C23F84C00D41183 /* Download.h in Headers */, >@@ -10982,6 +10993,7 @@ > 2D92A77D212B6A7100F493FD /* Connection.cpp in Sources */, > 2D92A77E212B6A7100F493FD /* DataReference.cpp in Sources */, > 2D92A77F212B6A7100F493FD /* Decoder.cpp in Sources */, >+ 2D0C56FE229F1DEA00BD33E7 /* DeviceManagementSoftLink.mm in Sources */, > 1AB7D6191288B9D900CFD08C /* DownloadProxyMessageReceiver.cpp in Sources */, > 1A64229912DD029200CAAE2C /* DrawingAreaMessageReceiver.cpp in Sources */, > 1A64230812DD09EB00CAAE2C /* DrawingAreaProxyMessageReceiver.cpp in Sources */, >diff --git a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >index 278b6018479f36590348c8951855acf43dcb59f8..15256733b5d2b98180fcf53b6fbc7232cb31672c 100644 >--- a/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >+++ b/Source/WebKit/WebProcess/Network/WebLoaderStrategy.cpp >@@ -335,6 +335,8 @@ void WebLoaderStrategy::scheduleLoadFromNetworkProcess(ResourceLoader& resourceL > > loadParameters.isMainFrameNavigation = resourceLoader.frame() && resourceLoader.frame()->isMainFrame() && resourceLoader.options().mode == FetchOptions::Mode::Navigate; > >+ loadParameters.isMainResourceNavigationForAnyFrame = resourceLoader.frame() && resourceLoader.options().mode == FetchOptions::Mode::Navigate; >+ > loadParameters.shouldEnableCrossOriginResourcePolicy = RuntimeEnabledFeatures::sharedFeatures().crossOriginResourcePolicyEnabled() && !loadParameters.isMainFrameNavigation; > > if (resourceLoader.options().mode == FetchOptions::Mode::Navigate) { >diff --git a/Tools/ChangeLog b/Tools/ChangeLog >index a2ccc8f857e8412aa58edd3085f69833e428f2b1..ec8b44aea074377fcebbca469bbc364a266f3a7b 100644 >--- a/Tools/ChangeLog >+++ b/Tools/ChangeLog >@@ -1,3 +1,27 @@ >+2019-05-30 Tim Horton <timothy_horton@apple.com> >+ >+ Optionally respect device management restrictions when loading from the network >+ https://bugs.webkit.org/show_bug.cgi?id=198318 >+ <rdar://problem/44263806> >+ >+ Reviewed by Alex Christensen. >+ >+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: >+ * TestWebKitAPI/Tests/WebKitCocoa/DeviceManagementRestrictions.mm: Added. >+ (TEST): >+ * TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm: >+ (TestWebKitAPI::TEST): >+ * TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm: >+ (TEST): >+ Clone a test that tests non-persistent data stores and ensure >+ that it works if the data store is created via a configuration as well. >+ >+ Add a test that ensures that you can't create a data store configuration >+ with an invalid set of options. >+ >+ Add a test that device management restrictions (when mocked) correctly >+ fail the load with a new, appropriate error. >+ > 2019-05-29 Ryan Haddad <ryanhaddad@apple.com> > > Unreviewed, rolling out r245857. >diff --git a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj b/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj >index 57aa7d182e8fcf005390e22b654f306045e9c37f..e6e6726c9e9d8160166850b7fab7c98bf7c16be4 100644 >--- a/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj >+++ b/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj >@@ -96,6 +96,7 @@ > 2D1C04A71D76298B000A6816 /* TestNavigationDelegate.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D1C04A61D76298B000A6816 /* TestNavigationDelegate.mm */; }; > 2D21FE591F04642900B58E7D /* WKPDFViewStablePresentationUpdateCallback.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D21FE581F04642800B58E7D /* WKPDFViewStablePresentationUpdateCallback.mm */; }; > 2D2BEB2D22324E5F005544CA /* RequestTextInputContext.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D2BEB2C22324E5F005544CA /* RequestTextInputContext.mm */; }; >+ 2D2D13B3229F408B005068AF /* DeviceManagementRestrictions.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D2D13B2229F408B005068AF /* DeviceManagementRestrictions.mm */; }; > 2D3CA3A8221DF4B40088E803 /* PageOverlayPlugin.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D3CA3A4221DF2390088E803 /* PageOverlayPlugin.mm */; }; > 2D4CF8BD1D8360CC0001CE8D /* WKThumbnailView.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D4CF8BC1D8360CC0001CE8D /* WKThumbnailView.mm */; }; > 2D51A0C71C8BF00C00765C45 /* DOMHTMLVideoElementWrapper.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2D51A0C51C8BF00400765C45 /* DOMHTMLVideoElementWrapper.mm */; }; >@@ -1471,6 +1472,7 @@ > 2D1FE0AF1AD465C1006CD9E6 /* FixedLayoutSize.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = FixedLayoutSize.mm; sourceTree = "<group>"; }; > 2D21FE581F04642800B58E7D /* WKPDFViewStablePresentationUpdateCallback.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = WKPDFViewStablePresentationUpdateCallback.mm; sourceTree = "<group>"; }; > 2D2BEB2C22324E5F005544CA /* RequestTextInputContext.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = RequestTextInputContext.mm; sourceTree = "<group>"; }; >+ 2D2D13B2229F408B005068AF /* DeviceManagementRestrictions.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DeviceManagementRestrictions.mm; sourceTree = "<group>"; }; > 2D3CA3A4221DF2390088E803 /* PageOverlayPlugin.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = PageOverlayPlugin.mm; sourceTree = "<group>"; }; > 2D4CF8BC1D8360CC0001CE8D /* WKThumbnailView.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = WKThumbnailView.mm; path = WebKit/WKThumbnailView.mm; sourceTree = "<group>"; }; > 2D51A0C51C8BF00400765C45 /* DOMHTMLVideoElementWrapper.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = DOMHTMLVideoElementWrapper.mm; sourceTree = "<group>"; }; >@@ -2591,6 +2593,7 @@ > 46A911582108E66B0078D40D /* CustomUserAgent.mm */, > 2DC4CF761D2D9DD800ECCC94 /* DataDetection.mm */, > 518EE51C20A78D3300E024F3 /* DecidePolicyForNavigationAction.mm */, >+ 2D2D13B2229F408B005068AF /* DeviceManagementRestrictions.mm */, > 46918EFB2237283500468DFE /* DeviceOrientation.mm */, > CEA7F57B20895F5B0078EF6E /* DidResignInputElementStrongPasswordAppearance.mm */, > 518EE51A20A78CFB00E024F3 /* DoAfterNextPresentationUpdateAfterCrash.mm */, >@@ -4121,6 +4124,7 @@ > 9BAD7F3E22690F2000F8DA66 /* DeallocWebViewInEventListener.mm in Sources */, > 518EE51D20A78D3600E024F3 /* DecidePolicyForNavigationAction.mm in Sources */, > 2D1646E21D1862CD00015A1A /* DeferredViewInWindowStateChange.mm in Sources */, >+ 2D2D13B3229F408B005068AF /* DeviceManagementRestrictions.mm in Sources */, > 46918EFC2237283C00468DFE /* DeviceOrientation.mm in Sources */, > 7CCE7EB91A411A7E00447C4C /* DeviceScaleFactorInDashboardRegions.mm in Sources */, > 7CCE7EBA1A411A7E00447C4C /* DeviceScaleFactorOnBack.mm in Sources */, >diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/DeviceManagementRestrictions.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/DeviceManagementRestrictions.mm >new file mode 100644 >index 0000000000000000000000000000000000000000..187bb700288d6e0612c8abdedd09b6c856b3d894 >--- /dev/null >+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/DeviceManagementRestrictions.mm >@@ -0,0 +1,63 @@ >+/* >+ * Copyright (C) 2019 Apple Inc. All rights reserved. >+ * >+ * Redistribution and use in source and binary forms, with or without >+ * modification, are permitted provided that the following conditions >+ * are met: >+ * 1. Redistributions of source code must retain the above copyright >+ * notice, this list of conditions and the following disclaimer. >+ * 2. Redistributions in binary form must reproduce the above copyright >+ * notice, this list of conditions and the following disclaimer in the >+ * documentation and/or other materials provided with the distribution. >+ * >+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+ * THE POSSIBILITY OF SUCH DAMAGE. >+ */ >+ >+#include "config.h" >+ >+#import "PlatformUtilities.h" >+#import "Test.h" >+#import "TestNavigationDelegate.h" >+#import "TestWKWebView.h" >+#import <WebKit/WKErrorPrivate.h> >+#import <WebKit/WKWebsiteDataStorePrivate.h> >+#import <WebKit/WebKit.h> >+#import <WebKit/_WKWebsiteDataStoreConfiguration.h> >+#import <wtf/RetainPtr.h> >+ >+TEST(WebKit, DeviceManagementRestrictions) >+{ >+ RetainPtr<_WKWebsiteDataStoreConfiguration> dataStoreConfiguration = adoptNS([[_WKWebsiteDataStoreConfiguration alloc] initNonPersistentConfiguration]); >+ [dataStoreConfiguration setDeviceManagementRestrictionsEnabled:YES]; >+ [dataStoreConfiguration setAllLoadsBlockedByDeviceManagementRestrictionsForTesting:YES]; >+ >+ RetainPtr<WKWebViewConfiguration> webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]); >+ [webViewConfiguration setWebsiteDataStore:[[[WKWebsiteDataStore alloc] _initWithConfiguration:dataStoreConfiguration.get()] autorelease]]; >+ >+ RetainPtr<TestWKWebView> webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectZero configuration:webViewConfiguration.get() addToWindow:YES]); >+ >+ RetainPtr<TestNavigationDelegate> delegate = adoptNS([[TestNavigationDelegate alloc] init]); >+ [webView setNavigationDelegate:delegate.get()]; >+ >+ __block bool done = false; >+ [delegate setDidFailProvisionalNavigation:^(WKWebView *webView, WKNavigation *navigation, NSError *error) { >+ EXPECT_WK_STREQ(_WKLegacyErrorDomain, error.domain); >+ EXPECT_EQ(_WKErrorCodeFrameLoadBlockedByRestrictions, error.code); >+ done = true; >+ }]; >+ >+ NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]; >+ [webView loadRequest:request]; >+ >+ TestWebKitAPI::Util::run(&done); >+} >diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm >index 3f953a707518fe3820673ea10323460cb9294d46..87c41243c68207186abc3c5024cc5ba5c3820c0f 100644 >--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm >+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKWebsiteDatastore.mm >@@ -33,6 +33,7 @@ > #import <WebKit/WKWebsiteDataRecordPrivate.h> > #import <WebKit/WKWebsiteDataStorePrivate.h> > #import <WebKit/WebKit.h> >+#import <WebKit/_WKWebsiteDataStoreConfiguration.h> > #import <wtf/text/WTFString.h> > > static bool readyToContinue; >@@ -304,4 +305,49 @@ TEST(WKWebsiteDataStore, RemoveNonPersistentCredentials) > TestWebKitAPI::Util::run(&done); > } > >+TEST(WebKit, SettingNonPersistentDataStorePathsThrowsException) >+{ >+ auto configuration = adoptNS([[_WKWebsiteDataStoreConfiguration alloc] initNonPersistentConfiguration]); >+ >+ auto shouldThrowExceptionWhenUsed = [](Function<void(void)>&& modifier) { >+ @try { >+ modifier(); >+ EXPECT_TRUE(false); >+ } @catch (NSException *exception) { >+ EXPECT_WK_STREQ(NSInvalidArgumentException, exception.name); >+ } >+ }; >+ >+ NSURL *fileURL = [NSURL fileURLWithPath:@"/tmp"]; >+ >+ shouldThrowExceptionWhenUsed([&] { >+ [configuration _setWebStorageDirectory:fileURL]; >+ }); >+ shouldThrowExceptionWhenUsed([&] { >+ [configuration _setIndexedDBDatabaseDirectory:fileURL]; >+ }); >+ shouldThrowExceptionWhenUsed([&] { >+ [configuration _setWebSQLDatabaseDirectory:fileURL]; >+ }); >+ shouldThrowExceptionWhenUsed([&] { >+ [configuration _setCookieStorageFile:fileURL]; >+ }); >+ shouldThrowExceptionWhenUsed([&] { >+ [configuration _setResourceLoadStatisticsDirectory:fileURL]; >+ }); >+ shouldThrowExceptionWhenUsed([&] { >+ [configuration _setCacheStorageDirectory:fileURL]; >+ }); >+ shouldThrowExceptionWhenUsed([&] { >+ [configuration _setServiceWorkerRegistrationDirectory:fileURL]; >+ }); >+ >+ // These properties shouldn't throw exceptions when set on a non-persistent data store. >+ [configuration setDeviceManagementRestrictionsEnabled:YES]; >+ [configuration setHTTPProxy:[NSURL URLWithString:@"http://www.apple.com/"]]; >+ [configuration setHTTPSProxy:[NSURL URLWithString:@"https://www.apple.com/"]]; >+ [configuration setSourceApplicationBundleIdentifier:@"com.apple.Safari"]; >+ [configuration setSourceApplicationSecondaryIdentifier:@"com.apple.Safari"]; >+} >+ > } >diff --git a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm >index 705fc424abd264c13861601800b2e7b0c1e15fd7..e4ee0206635ccbf707d8947cd5eefcca7db31d4e 100644 >--- a/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm >+++ b/Tools/TestWebKitAPI/Tests/WebKitCocoa/WebsiteDataStoreCustomPaths.mm >@@ -427,6 +427,52 @@ TEST(WebKit, WebsiteDataStoreEphemeral) > > EXPECT_TRUE([[NSFileManager defaultManager] fileExistsAtPath:defaultResourceLoadStatisticsPath.path]); > EXPECT_FALSE([[NSFileManager defaultManager] fileExistsAtPath:defaultResourceLoadStatisticsFilePath.path]); >+ >+ [[NSFileManager defaultManager] removeItemAtURL:defaultResourceLoadStatisticsPath error:nil]; >+} >+ >+TEST(WebKit, WebsiteDataStoreEphemeralViaConfiguration) >+{ >+ RetainPtr<WebsiteDataStoreCustomPathsMessageHandler> handler = adoptNS([[WebsiteDataStoreCustomPathsMessageHandler alloc] init]); >+ RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]); >+ [[configuration userContentController] addScriptMessageHandler:handler.get() name:@"testHandler"]; >+ >+ NSURL *defaultResourceLoadStatisticsPath = [NSURL fileURLWithPath:[@"~/Library/WebKit/TestWebKitAPI/WebsiteData/ResourceLoadStatistics/" stringByExpandingTildeInPath] isDirectory:YES]; >+ >+ [[NSFileManager defaultManager] removeItemAtURL:defaultResourceLoadStatisticsPath error:nil]; >+ >+ EXPECT_FALSE([[NSFileManager defaultManager] fileExistsAtPath:defaultResourceLoadStatisticsPath.path]); >+ >+ RetainPtr<_WKWebsiteDataStoreConfiguration> dataStoreConfiguration = adoptNS([[_WKWebsiteDataStoreConfiguration alloc] initNonPersistentConfiguration]); >+ configuration.get().websiteDataStore = [[[WKWebsiteDataStore alloc] _initWithConfiguration:dataStoreConfiguration.get()] autorelease]; >+ [configuration.get().websiteDataStore _setResourceLoadStatisticsEnabled:YES]; >+ >+ // We expect the directory to be created by starting up the data store machinery, but not the data file. >+ EXPECT_TRUE([[NSFileManager defaultManager] fileExistsAtPath:defaultResourceLoadStatisticsPath.path]); >+ >+ NSURL *defaultResourceLoadStatisticsFilePath = [NSURL fileURLWithPath:[@"~/Library/WebKit/TestWebKitAPI/WebsiteData/ResourceLoadStatistics/full_browsing_session_resourceLog.plist" stringByExpandingTildeInPath] isDirectory:NO]; >+ EXPECT_FALSE([[NSFileManager defaultManager] fileExistsAtPath:defaultResourceLoadStatisticsFilePath.path]); >+ >+ RetainPtr<WKWebView> webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]); >+ >+ NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"WebsiteDataStoreCustomPaths" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]; >+ [webView loadRequest:request]; >+ >+ [[[webView configuration] processPool] _syncNetworkProcessCookies]; >+ >+ // Forcibly shut down everything of WebKit that we can. >+ auto pid = [webView _webProcessIdentifier]; >+ if (pid) >+ kill(pid, SIGKILL); >+ >+ webView = nil; >+ handler = nil; >+ configuration = nil; >+ >+ EXPECT_TRUE([[NSFileManager defaultManager] fileExistsAtPath:defaultResourceLoadStatisticsPath.path]); >+ EXPECT_FALSE([[NSFileManager defaultManager] fileExistsAtPath:defaultResourceLoadStatisticsFilePath.path]); >+ >+ [[NSFileManager defaultManager] removeItemAtURL:defaultResourceLoadStatisticsPath error:nil]; > } > > TEST(WebKit, DoLoadWithNonDefaultDataStoreAfterTerminatingNetworkProcess)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=371075">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 198318
:
370816
|
370880
|
370904
|
370977
|
371010
|
371016
|
371074
| 371075