Use SecTask SPI to retrieve code signing identifier for user directory suffix
https://bugs.webkit.org/show_bug.cgi?id=157570
Source/WebKit2:
<rdar://problem/25706517>
Reviewed by Darin Adler.
It is sufficient to make use of the SecTask SPI to retrieve the code signing
identifier of the embedding client for use in the user directory suffix. This
avoids the need to allow Code Signing Services to have access to the bundle
of the embedding client.
- Shared/mac/ChildProcessMac.mm:
(WebKit::ChildProcess::initializeSandbox): Use the code signing identifier of the
embedding client as part of the user directory suffix if available.
- Shared/mac/CodeSigning.h: Update comment and include header wtf/spi/darwin/XPCSPI.h
for the definition of xpc_connection_t. Renamed codeSigningIdentifier() to codeSigningIdentifierForCurrentProcess()
to convey that it returns the code signing identifier for the current process. Repurposed
the name codeSigningIdentifier for the variant of this function that takes an xpc_connection_t.
- Shared/mac/CodeSigning.mm:
(WebKit::codeSigningIdentifier): Added. Uses the audit token associated with the specified
XPC connection to get the code signing identifier for the embedding client.
(WebKit::codeSigningIdentifierForCurrentProcess): Renamed; formerly named codeSigningIdentifier.
Implemented in terms of the SecTask API.
(WebKit::secCodeForCurrentProcess): Deleted.
(WebKit::secCodeForProcess): Deleted.
(WebKit::secCodeSigningInformation): Deleted.
(WebKit::appleSignedOrMacAppStoreSignedOrAppleDeveloperSignedRequirement): Deleted.
(WebKit::secCodeSigningIdentifier): Deleted.
(WebKit::codeSigningIdentifierForProcess): Deleted.
- UIProcess/Launcher/mac/ProcessLauncherMac.mm:
(WebKit::connectToService): Update code due to renaming.
Source/WTF:
Reviewed by Darin Adler.
<rdar://problem/25706517>
Forward declare SPI SecTaskCopySigningIdentifier().
- wtf/spi/cocoa/SecuritySPI.h: