Title: [285545] trunk/Source/WebKit
Revision
285545
Author
pvol...@apple.com
Date
2021-11-09 16:52:14 -0800 (Tue, 09 Nov 2021)

Log Message

[iOS][GPUP] Remove sandbox access to mach services
https://bugs.webkit.org/show_bug.cgi?id=232209
<rdar://problem/84584739>

Reviewed by Darin Adler.

Remove access to mach services in the GPU process' sandbox that are unused according to telemetry.

* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (285544 => 285545)


--- trunk/Source/WebKit/ChangeLog	2021-11-10 00:45:46 UTC (rev 285544)
+++ trunk/Source/WebKit/ChangeLog	2021-11-10 00:52:14 UTC (rev 285545)
@@ -1,3 +1,15 @@
+2021-11-09  Per Arne  <pvol...@apple.com>
+
+        [iOS][GPUP] Remove sandbox access to mach services
+        https://bugs.webkit.org/show_bug.cgi?id=232209
+        <rdar://problem/84584739>
+
+        Reviewed by Darin Adler.
+
+        Remove access to mach services in the GPU process' sandbox that are unused according to telemetry.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+
 2021-11-09  Devin Rousso  <drou...@apple.com>
 
         Unreviewed internal build fix after r285444

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (285544 => 285545)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2021-11-10 00:45:46 UTC (rev 285544)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2021-11-10 00:52:14 UTC (rev 285545)
@@ -519,12 +519,9 @@
         (extension-class "com.apple.app-sandbox.read-write" "com.apple.app-sandbox.read")
         (extension "com.apple.fileprovider.read-write")))
 
-(allow mach-lookup (with telemetry)
+(allow mach-lookup
     (global-name "com.apple.logd")
-    (global-name "com.apple.logd.events")
-    (global-name "com.apple.distributed_notifications@1v3")
-    (global-name "com.apple.aggregated")
-)
+    (global-name "com.apple.logd.events"))
 
 (allow mach-lookup (with telemetry)
     (global-name "com.apple.tccd"))
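Review bot: The retained rule for `com.apple.logd` and `com.apple.logd.events` drops `(with telemetry)` without a comment saying why these two names stay, so a later reader cannot tell a service confirmed in use from one that was never audited. A one-line comment above the rule would record that, for example `;; Logging services kept: still in use per telemetry, see https://bugs.webkit.org/show_bug.cgi?id=232209`. Separately, the rules deleted in the hunks at -891 and -937 were gated on `com.apple.webkit.extension.mach`, so their telemetry presumably fired only when that extension had been issued. It is worth confirming that no code outside this file still issues the extension to the GPU process for those names, because such a lookup would now be denied.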
@@ -562,9 +559,6 @@
     (allow nvram-get (with telemetry) (nvram-variable "emu")) ;; <rdar://problem/78363040>
 )
 
-(allow mach-lookup (with telemetry)
-       (global-name "com.apple.system.logger"))
-
 (allow file-read-metadata (with telemetry)
        (literal "/private/var/run/syslog"))
 
@@ -624,10 +618,6 @@
 
 (url-translation)
 
-;; TextInput framework
-(allow mach-lookup (with telemetry)
-    (global-name "com.apple.TextInput"))
-
 (mobile-preferences-read "com.apple.da")
 
 (speech-synthesis-and-voiceover)
@@ -891,17 +881,6 @@
     (literal "/usr/local/lib/log") ; <rdar://problem/36629495>
 )
 
-(allow mach-lookup (with telemetry)
-    (require-all
-        (extension "com.apple.webkit.extension.mach")
-        (global-name
-            "com.apple.PowerManagement.control"
-            "com.apple.frontboard.systemappservices"
-            "com.apple.iconservices"
-        )
-    )
-)
-
 (allow iokit-open (with telemetry)
     (require-all
         (extension "com.apple.webkit.extension.iokit")
@@ -937,16 +916,6 @@
     (global-name "com.apple.systemstatus.activityattribution")
 )
 
-(allow mach-lookup (with telemetry)
-    (require-all
-        (extension "com.apple.webkit.extension.mach")
-        (global-name "com.apple.iphone.axserver-systemwide" "com.apple.tccd")))
-
-(allow mach-lookup (with telemetry)
-    (require-all
-        (extension "com.apple.webkit.extension.mach")
-        (xpc-service-name-prefix "com.apple.AGXCompilerService")))
-
 (media-capture-support)
 
 (allow mach-lookup (with telemetry)