Add xcprivacy privacy manifest to iOS framework #48951
Conversation
|
It looks like this pull request may not have tests. Please make sure to add tests before merging. If you need an exemption to this rule, contact "@text-exemption-reviewers" in the #hackers channel in Chat (don't just cc them here, they won't see it! Use Discord!). If you are not sure if you need tests, consider this rule of thumb: the purpose of a test is to make sure someone doesn't accidentally revert the fix. Ask yourself, is there anything in your PR that you feel it is important we not accidentally revert back to how it was before your fix? Reviewers: Read the Tree Hygiene page and make sure this patch meets those guidelines before LGTMing. |
| <string>NSPrivacyAccessedAPICategoryFileTimestamp</string> | ||
| <key>NSPrivacyAccessedAPITypeReasons</key> | ||
| <array> | ||
| <string>0A2A.1</string> |
There was a problem hiding this comment.
Declare this reason if your third-party SDK is providing a wrapper function around file timestamp API(s) for the app to use, and you only access the file timestamp APIs when the app calls your wrapper function. This reason may only be declared by third-party SDKs. This reason may not be declared if your third-party SDK was created primarily to wrap required reason API(s). Information accessed for this reason, or any derived information, may not be used for your third-party SDK’s own purposes or sent off-device by your third-party SDK.
| <key>NSPrivacyAccessedAPITypeReasons</key> | ||
| <array> | ||
| <string>0A2A.1</string> | ||
| <string>C617.1</string> |
There was a problem hiding this comment.
For app state restoration in FlutterAppDelegate.mm:
Declare this reason to access the timestamps, size, or other metadata of files inside the app container, app group container, or the app’s CloudKit container.
engine/shell/platform/darwin/ios/framework/Source/FlutterAppDelegate.mm
Lines 327 to 329 in a1777a3
| <string>NSPrivacyAccessedAPICategorySystemBootTime</string> | ||
| <key>NSPrivacyAccessedAPITypeReasons</key> | ||
| <array> | ||
| <string>35F9.1</string> |
There was a problem hiding this comment.
Declare this reason to access the system boot time in order to measure the amount of time that has elapsed between events that occurred within the app or to perform calculations to enable timers. Information accessed for this reason, or any derived information, may not be sent off-device. There is an exception for information about the amount of time that has elapsed between events that occurred within the app, which may be sent off-device.
jmagman
force-pushed
the
ios-privacy-manifest
branch
from
1c7f7e8 to
d41d6a0
Compare
|
The |
| <key>NSPrivacyTracking</key> | ||
| <false/> | ||
| <key>NSPrivacyTrackingDomains</key> | ||
| <array/> | ||
| <key>NSPrivacyCollectedDataTypes</key> | ||
| <array> | ||
| <dict/> | ||
| </array> |
There was a problem hiding this comment.
False and empty, we are not tracking or collecting.
|
might be worth putting the comments explaining these (that you wrote on this PR) literally as XML comments in the file itself. |
|
test-exempt: apple does not provide a way to meaningfully test this |
There was a problem hiding this comment.
I only wonder if someone of these review comments are better suited as <!-- comments -->, particularly ones with confusing semantics (i.e. that an array of an empty dict means "we are not tracking or collecting").
I would do this if we controlled how this file is used, but I'm not confident Apple's privacy tooling won't 💩 on an unexpected comment (or key, or value, or...). Hopefully this PR is documentation enough for the git archeologists. I will include a better comment when I write the framework test that validates the file is where we expect it to be. |
| @@ -373,6 +373,12 @@ copy("copy_framework_module_map") { | |||
| outputs = [ "$_flutter_framework_dir/Modules/module.modulemap" ] | |||
| } | |||
|
|
|||
| copy("copy_framework_privacy_manifest") { | |||
There was a problem hiding this comment.
Maybe a comment linking to https://developer.apple.com/documentation/bundleresources/privacy_manifest_files here to provide context on what this is and why we are doing it?
Although developer.apple.com links are notoriously fragile, so 🤷🏻
There was a problem hiding this comment.
We don't explain Info.plists, or modulemaps, or the values within those files, or any other thing we move around in this gn file. In 2 years when you Google "PrivacyInfo.xcprivacy" you'll see the most relevant info, and when you git blame you'll find this PR with my thorough description. However adding the link is harmless so I'll do that.
jmagman
added
the
autosubmit
…140130) flutter/engine@9f7004e...923f9e2 2023-12-14 98614782+auto-submit[bot]@users.noreply.github.com Reverts "[Windows] Move to `FlutterCompositor` for rendering" (flutter/engine#49015) 2023-12-14 magder@google.com Add xcprivacy privacy manifest to iOS framework (flutter/engine#48951) 2023-12-14 30870216+gaaclarke@users.noreply.github.com [Impeller] Made the new blur support 1D blurs (flutter/engine#49001) 2023-12-14 skia-flutter-autoroll@skia.org Roll Skia from 69c02c9d56b2 to 188515347032 (1 revision) (flutter/engine#49005) 2023-12-14 bdero@google.com [Impeller] Add golden for clipped+transformed blur. (flutter/engine#48886) 2023-12-14 bdero@google.com [Flutter GPU] Runtime shader import. (flutter/engine#48875) 2023-12-13 737941+loic-sharma@users.noreply.github.com [Windows] Move to `FlutterCompositor` for rendering (flutter/engine#48849) If this roll has caused a breakage, revert this CL and stop the roller using the controls here: https://autoroll.skia.org/r/flutter-engine-flutter-autoroll Please CC jsimmons@google.com,rmistry@google.com,zra@google.com on the revert to ensure that a human is aware of the problem. To file a bug in Flutter: https://github.com/flutter/flutter/issues/new/choose To report a problem with the AutoRoller itself, please file a bug: https://issues.skia.org/issues/new?component=1389291&template=1850622 Documentation for the AutoRoller is here: https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md
In #48951 `NSPrivacyCollectedDataTypes` is an array with an empty dictionary, but the privacy report wants an empty array or it errors: <img width="523" alt="Screenshot 2023-12-14 at 10 02 52�AM" src="https://github.com/flutter/flutter/assets/682784/a128b384-db2f-49d7-8b71-7965f2826de8"> When this is fixed the privacy report is blank, but that seems to be an Xcode bug? Will investigate. [C++, Objective-C, Java style guides]: https://github.com/flutter/engine/blob/main/CONTRIBUTING.md#style
Create a `PrivacyInfo.xcprivacy` (this name is required) plist and move it to the top-level of the iOS framework bundle. `NSPrivacyTracking*` and `NSPrivacyCollectedDataTypes` keys are required, but the values are blank. Apple [now requires](https://developer.apple.com/documentation/bundleresources/privacy_manifest_files) that third-party frameworks must include this manifest to document usage of particular APIs and [how they are used](https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api). > Starting in fall 2023, when you upload a new app or app update to App Store Connect that uses an API (including from third-party SDKs) that requires a reason, you�ll receive a notice if you haven�t provided an approved reason in your app�s privacy manifest. And starting in spring 2024, in order to upload your new app or app update to App Store Connect, you�ll be required to include an approved reason in the app�s privacy manifest which accurately reflects how your app uses the API. https://developer.apple.com/news/?id=z6fu1dcu @stuartmorgan [audited](flutter/flutter#131494 (comment)) the engine and third_party: > * File timestamps: > > * `C617.1` for app state restoration in `FlutterAppDelegate.mm`. > * `0A2A.1` for implementation of the relevant `File` wrappers. > * System boot time: > > * `35F9.1` for various event timing and elapsed time calculations. Note macOS frameworks do not need to declare `NSPrivacyAccessedAPITypes`. I don't think this will require recipe or conductor codesign changes since this is a file copied as a resource into the framework, just as the modulemap and Info.plist aren't referenced anywhere. I'm not quite sure how to test this other than letting it build and generate a `Generate Privacy Report` in a Flutter app in Xcode. There's no where we check that, say, the Info.plist is copied to the right place in Flutter.framework (even in flutter/flutter). When this rolls into the framework I will add a check to [ios_content_validation_test.dart](https://github.com/flutter/flutter/blob/3da9bc169837d223496439b6d5f6b7e1a82d4318/dev/devicelab/bin/tasks/ios_content_validation_test.dart) On this PR the `PrivacyInfo.xcprivacy` was written to the expected location in the Flutter.framework: https://cas-viewer.appspot.com/projects/chromium-swarm/instances/default_instance/blobs/d45cd0809420f08145c7b78ea96cba6e7ea48d8ecfdc8fd2411f82fa65444714/516/tree Fixes flutter/flutter#131494 [C++, Objective-C, Java style guides]: https://github.com/flutter/engine/blob/main/CONTRIBUTING.md#style
Create a `PrivacyInfo.xcprivacy` (this name is required) plist and move it to the top-level of the iOS framework bundle. `NSPrivacyTracking*` and `NSPrivacyCollectedDataTypes` keys are required, but the values are blank. Apple [now requires](https://developer.apple.com/documentation/bundleresources/privacy_manifest_files) that third-party frameworks must include this manifest to document usage of particular APIs and [how they are used](https://developer.apple.com/documentation/bundleresources/privacy_manifest_files/describing_use_of_required_reason_api). > Starting in fall 2023, when you upload a new app or app update to App Store Connect that uses an API (including from third-party SDKs) that requires a reason, you�ll receive a notice if you haven�t provided an approved reason in your app�s privacy manifest. And starting in spring 2024, in order to upload your new app or app update to App Store Connect, you�ll be required to include an approved reason in the app�s privacy manifest which accurately reflects how your app uses the API. https://developer.apple.com/news/?id=z6fu1dcu @stuartmorgan [audited](flutter/flutter#131494 (comment)) the engine and third_party: > * File timestamps: > > * `C617.1` for app state restoration in `FlutterAppDelegate.mm`. > * `0A2A.1` for implementation of the relevant `File` wrappers. > * System boot time: > > * `35F9.1` for various event timing and elapsed time calculations. Note macOS frameworks do not need to declare `NSPrivacyAccessedAPITypes`. I don't think this will require recipe or conductor codesign changes since this is a file copied as a resource into the framework, just as the modulemap and Info.plist aren't referenced anywhere. I'm not quite sure how to test this other than letting it build and generate a `Generate Privacy Report` in a Flutter app in Xcode. There's no where we check that, say, the Info.plist is copied to the right place in Flutter.framework (even in flutter/flutter). When this rolls into the framework I will add a check to [ios_content_validation_test.dart](https://github.com/flutter/flutter/blob/3da9bc169837d223496439b6d5f6b7e1a82d4318/dev/devicelab/bin/tasks/ios_content_validation_test.dart) On this PR the `PrivacyInfo.xcprivacy` was written to the expected location in the Flutter.framework: https://cas-viewer.appspot.com/projects/chromium-swarm/instances/default_instance/blobs/d45cd0809420f08145c7b78ea96cba6e7ea48d8ecfdc8fd2411f82fa65444714/516/tree Fixes flutter/flutter#131494 [C++, Objective-C, Java style guides]: https://github.com/flutter/engine/blob/main/CONTRIBUTING.md#style (cherry picked from commit cf7c260)
…49041) In flutter#48951 `NSPrivacyCollectedDataTypes` is an array with an empty dictionary, but the privacy report wants an empty array or it errors: <img width="523" alt="Screenshot 2023-12-14 at 10 02 52â�¯AM" src="https://github.com/flutter/flutter/assets/682784/a128b384-db2f-49d7-8b71-7965f2826de8"> When this is fixed the privacy report is blank, but that seems to be an Xcode bug? Will investigate. [C++, Objective-C, Java style guides]: https://github.com/flutter/engine/blob/main/CONTRIBUTING.md#style (cherry picked from commit 0ca2f38)
…49041) In flutter#48951 `NSPrivacyCollectedDataTypes` is an array with an empty dictionary, but the privacy report wants an empty array or it errors: <img width="523" alt="Screenshot 2023-12-14 at 10 02 52â�¯AM" src="https://github.com/flutter/flutter/assets/682784/a128b384-db2f-49d7-8b71-7965f2826de8"> When this is fixed the privacy report is blank, but that seems to be an Xcode bug? Will investigate. [C++, Objective-C, Java style guides]: https://github.com/flutter/engine/blob/main/CONTRIBUTING.md#style
Create a `PrivacyInfo.xcprivacy` (this name is required) plist and move it to the top-level of the macOS framework bundle. `NSPrivacyTracking*` and `NSPrivacyCollectedDataTypes` keys are required, but the values are blank. macOS explicitly does not need the `NSPrivacyAccessedAPITypes` (see more info in flutter/flutter#143381) You can see on this PR it's copied to the correct path in the framework https://logs.chromium.org/logs/flutter/buildbucket/cr-buildbucket/8737163270670636097/+/u/Global_generators/Release-FlutterMacOS.framework/stdout: ``` adding: FlutterMacOS.xcframework/macos-arm64_x86_64/FlutterMacOS.framework/PrivacyInfo.xcprivacy (deflated 35%) ``` There's no way to test this except to submit a macOS app with this framework to TestFlight. I can't find a good spot in the engine to validate the structure of the framework output. I hereby pledge to add a macOS test to the framework post-roll flutter/flutter#155189 � iOS framework variant of this PR #48951 Fixes flutter/flutter#131494 [C++, Objective-C, Java style guides]: https://github.com/flutter/engine/blob/main/CONTRIBUTING.md#style
Add tool test to validate a built iOS app contains the Flutter framework xcprivacy manifest. Follow up to flutter/engine#48951.
Create a `PrivacyInfo.xcprivacy` (this name is required) plist and move it to the top-level of the macOS framework bundle. `NSPrivacyTracking*` and `NSPrivacyCollectedDataTypes` keys are required, but the values are blank. macOS explicitly does not need the `NSPrivacyAccessedAPITypes` (see more info in flutter/flutter#143381) You can see on this PR it's copied to the correct path in the framework https://logs.chromium.org/logs/flutter/buildbucket/cr-buildbucket/8737163270670636097/+/u/Global_generators/Release-FlutterMacOS.framework/stdout: ``` adding: FlutterMacOS.xcframework/macos-arm64_x86_64/FlutterMacOS.framework/PrivacyInfo.xcprivacy (deflated 35%) ``` There's no way to test this except to submit a macOS app with this framework to TestFlight. I can't find a good spot in the engine to validate the structure of the framework output. I hereby pledge to add a macOS test to the framework post-roll flutter/flutter#155189 � iOS framework variant of this PR flutter#48951 Fixes flutter/flutter#131494 [C++, Objective-C, Java style guides]: https://github.com/flutter/engine/blob/main/CONTRIBUTING.md#style
Create a
PrivacyInfo.xcprivacy(this name is required) plist and move it to the top-level of the iOS framework bundle.NSPrivacyTracking*andNSPrivacyCollectedDataTypeskeys are required, but the values are blank.Apple now requires that third-party frameworks must include this manifest to document usage of particular APIs and how they are used.
https://developer.apple.com/news/?id=z6fu1dcu
@stuartmorgan audited the engine and third_party:
Note macOS frameworks do not need to declare
NSPrivacyAccessedAPITypes.I don't think this will require recipe or conductor codesign changes since this is a file copied as a resource into the framework, just as the modulemap and Info.plist aren't referenced anywhere.
I'm not quite sure how to test this other than letting it build and generate a
Generate Privacy Reportin a Flutter app in Xcode. There's no where we check that, say, the Info.plist is copied to the right place in Flutter.framework (even in flutter/flutter). When this rolls into the framework I will add a check to ios_content_validation_test.dartOn this PR the
PrivacyInfo.xcprivacywas written to the expected location in the Flutter.framework:https://cas-viewer.appspot.com/projects/chromium-swarm/instances/default_instance/blobs/d45cd0809420f08145c7b78ea96cba6e7ea48d8ecfdc8fd2411f82fa65444714/516/tree
Fixes flutter/flutter#131494
Pre-launch Checklist
///).If you need help, consider asking for advice on the #hackers-new channel on Discord.