Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix widevine loading failure due to different TeamID #3061

Merged
merged 1 commit into from
Aug 2, 2019
Merged

Fix widevine loading failure due to different TeamID #3061

merged 1 commit into from
Aug 2, 2019

Conversation

simonhong
Copy link
Member

@simonhong simonhong commented Jul 31, 2019
edited
Loading

Set disable-library-validation entitlements for helper-app that
loads widevine library.

fix brave/brave-browser#5433

Submitter Checklist:

Test Plan:

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes has landed on.
  • All relevant documentation has been updated.

@simonhong simonhong added this to the 0.70.x - Nightly milestone Jul 31, 2019
@simonhong simonhong requested a review from bsclifton July 31, 2019 13:35
@simonhong simonhong requested a review from bridiver as a code owner July 31, 2019 13:35
@simonhong simonhong self-assigned this Jul 31, 2019
simonhong
simonhong commented Jul 31, 2019
View reviewed changes
app/helper-entitlements.plist
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.disable-library-validation</key>
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

helper-plugin-entitlements.plist has one more property(allow-unsigned-executable-memory).
Not sure helper needs that also.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

According to the comment here https://chromium.googlesource.com/chromium/src/+/3fa9da4e877a, com.apple.security.cs.allow-unsigned-executable-memory required to run Flash content and NaCl modules. Not sure if widevine needs the same, but the approach with adding the other entitlement makes sense.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mkarolin Thanks for checking.
I think we don't need to add allow-unsigned-executable-memory for helper.
If this entitlement should be used for widevine, upstream also needs it.

@simonhong simonhong added CI/skip-android Do not run CI builds for Android CI/skip-ios Do not run CI builds for iOS CI/skip-linux labels Jul 31, 2019
@simonhong simonhong force-pushed the fix_widevine_team_id_mismatch branch 3 times, most recently from 9d92501 to 4467962 Compare July 31, 2019 14:01
@simonhong
Fix widevine loading failure due to different TeamID
8c8831e 
Set disable-library-validation entitlements for helper-app that
loads widevine library.
@simonhong simonhong force-pushed the fix_widevine_team_id_mismatch branch from 4467962 to 8c8831e Compare July 31, 2019 14:30
@bsclifton bsclifton requested a review from mkarolin July 31, 2019 17:38
mkarolin
mkarolin approved these changes Jul 31, 2019
View reviewed changes
Copy link
Collaborator

@mkarolin mkarolin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@bsclifton bsclifton merged commit ab1394a into master Aug 2, 2019
@bsclifton bsclifton deleted the fix_widevine_team_id_mismatch branch August 2, 2019 08:05
@bsclifton
Copy link
Member

bsclifton commented Aug 2, 2019
edited
Loading

Ready for uplifts back to 0.68.x 😄
(after testing on Nightly, of course!)

brave-builds pushed a commit that referenced this pull request Aug 3, 2019
@brave-browser-releases
Uplift of #3061 (squashed) to dev
365bc65
brave-builds pushed a commit that referenced this pull request Aug 3, 2019
@brave-browser-releases
Uplift of #3061 (squashed) to beta
22718fe
This was referenced Aug 3, 2019
Merged
Merged
@jenix21 jenix21 mentioned this pull request Aug 26, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mkarolin mkarolin mkarolin approved these changes

@bsclifton bsclifton Awaiting requested review from bsclifton

@bridiver bridiver Awaiting requested review from bridiver

Assignees

@simonhong simonhong

Labels
CI/skip-android Do not run CI builds for Android CI/skip-ios Do not run CI builds for iOS
Projects
None yet
Milestone
0.69.x - Release
Development

Successfully merging this pull request may close these issues.

Netflix doesn't work on clean profile - macOS only
3 participants
@simonhong @bsclifton @mkarolin