Title: [273151] trunk/Source/WebKit
- Revision
- 273151
- Author
- pvol...@apple.com
- Date
- 2021-02-19 11:13:37 -0800 (Fri, 19 Feb 2021)
Log Message
Add notifyd message filter
https://bugs.webkit.org/show_bug.cgi?id=222129
<rdar://problem/73987767>
Reviewed by Brent Fulgham.
Add notifyd message filter in the WebContent process' sandbox.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (273150 => 273151)
--- trunk/Source/WebKit/ChangeLog 2021-02-19 19:08:37 UTC (rev 273150)
+++ trunk/Source/WebKit/ChangeLog 2021-02-19 19:13:37 UTC (rev 273151)
@@ -1,3 +1,16 @@
+2021-02-19 Per Arne <pvol...@apple.com>
+
+ Add notifyd message filter
+ https://bugs.webkit.org/show_bug.cgi?id=222129
+ <rdar://problem/73987767>
+
+ Reviewed by Brent Fulgham.
+
+ Add notifyd message filter in the WebContent process' sandbox.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2021-02-19 Kate Cheney <katherine_che...@apple.com>
Add better error handling to ResourceLoadStatisticsDatabaseStore::needsUpdatedPrivateClickMeasurementSchema()
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (273150 => 273151)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2021-02-19 19:08:37 UTC (rev 273150)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2021-02-19 19:13:37 UTC (rev 273151)
@@ -640,7 +640,37 @@
)
(allow mach-lookup
- (global-name "com.apple.system.notification_center"))
+ (global-name "com.apple.system.notification_center")
+ (apply-message-filter
+ (deny mach-message-send (with telemetry-backtrace))
+ (deny mach-message-send (with no-report) (message-number 1023))
+ (allow mach-message-send (with telemetry-backtrace) (message-number
+ 1002
+ 1003
+ 1004
+ 1005
+ 1011
+ 1012
+ 1013
+ 1014
+ 1015
+ 1016
+ 1017
+ 1018
+ 1021
+ 1025
+ 1026
+ 1027
+ ))
+ (allow mach-message-send (message-number
+ 1028
+ 1029
+ 1030
+ 1031
+ 1032
+ ))
+ )
+)
(allow ipc-posix-shm-read*
(ipc-posix-name "apple.shm.notification_center"))
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (273150 => 273151)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-02-19 19:08:37 UTC (rev 273150)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-02-19 19:13:37 UTC (rev 273151)
@@ -1256,8 +1256,40 @@
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500
(with report) (with telemetry)
#endif
- (global-name "com.apple.system.notification_center"))
+ (global-name "com.apple.system.notification_center")
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
+ (apply-message-filter
+ (deny mach-message-send (with telemetry-backtrace))
+ (deny mach-message-send (with no-report) (message-number 1023))
+ (allow mach-message-send (with telemetry-backtrace) (message-number
+ 1002
+ 1003
+ 1004
+ 1005
+ 1011
+ 1012
+ 1013
+ 1014
+ 1015
+ 1016
+ 1017
+ 1018
+ 1021
+ 1025
+ 1026
+ 1027
+ ))
+ (allow mach-message-send (message-number
+ 1028
+ 1029
+ 1030
+ 1031
+ 1032
+ ))
+ )
#endif
+)
+#endif
;; <rdar://problem/63943836>
(deny mach-lookup
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
