Title: [285721] trunk/Source/WebKit
- Revision
- 285721
- Author
- pvol...@apple.com
- Date
- 2021-11-12 08:31:07 -0800 (Fri, 12 Nov 2021)
Log Message
[macOS][GPUP] Add syscalls to sandbox
https://bugs.webkit.org/show_bug.cgi?id=232210
<rdar://problem/84584844>
Reviewed by Brent Fulgham.
Based on telemetry, add syscalls to the GPU process' sandbox on macOS.
* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (285720 => 285721)
--- trunk/Source/WebKit/ChangeLog 2021-11-12 16:18:51 UTC (rev 285720)
+++ trunk/Source/WebKit/ChangeLog 2021-11-12 16:31:07 UTC (rev 285721)
@@ -1,3 +1,15 @@
+2021-11-12 Per Arne <pvol...@apple.com>
+
+ [macOS][GPUP] Add syscalls to sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=232210
+ <rdar://problem/84584844>
+
+ Reviewed by Brent Fulgham.
+
+ Based on telemetry, add syscalls to the GPU process' sandbox on macOS.
+
+ * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+
2021-11-12 Chris Dumez <cdu...@apple.com>
WebKit is unable to recover if a WebProcess gets terminated while it is launching
Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (285720 => 285721)
--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-11-12 16:18:51 UTC (rev 285720)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-11-12 16:31:07 UTC (rev 285721)
@@ -873,53 +873,97 @@
(when (defined? 'syscall-unix)
(allow syscall-unix (with telemetry))
(allow syscall-unix (syscall-number
+ SYS___channel_open
SYS___disable_threadsignal
SYS___mac_syscall
+ SYS___pthread_kill
+ SYS___pthread_sigmask
+ SYS___semwait_signal
SYS_access
SYS_bsdthread_create
SYS_bsdthread_ctl
SYS_bsdthread_terminate
+ SYS_change_fdguard_np
SYS_csrctl
+ SYS_dup
+ SYS_exit
+ SYS_faccessat
SYS_fcntl
+ SYS_fcntl_nocancel
+ SYS_fgetxattr
SYS_flock
SYS_fsgetpath
SYS_fstat
+ SYS_fstat64
+ SYS_fstatat64
SYS_fstatfs
+ SYS_fstatfs64
SYS_ftruncate
SYS_getattrlist
+ SYS_getattrlistbulk
SYS_getaudit_addr
SYS_getdirentries
+ SYS_getdirentries64
SYS_getentropy
SYS_geteuid
SYS_getfsstat
+ SYS_getfsstat64
SYS_getgid
+ SYS_getpriority
+ SYS_getrlimit
+ SYS_getrusage
SYS_gettimeofday
SYS_getuid
+ SYS_getxattr
+ SYS_issetugid
+ SYS_kdebug_trace
+ SYS_kdebug_trace64
+ SYS_kdebug_trace_string
+ SYS_kdebug_typefilter
SYS_kevent_id
SYS_kevent_qos
SYS_kqueue_workloop_ctl
SYS_lseek
SYS_lstat
+ SYS_lstat64
SYS_madvise
+ SYS_memorystatus_control
+ SYS_mincore
SYS_mkdir
+ SYS_mlock
SYS_mmap
SYS_mprotect
+ SYS_msync
+ SYS_munlock
SYS_munmap
+ SYS_necp_client_action
+ SYS_necp_open
SYS_pathconf
+ SYS_pread
+ SYS_proc_rlimit_control
SYS_psynch_cvbroad
+ SYS_psynch_cvclrprepost
+ SYS_psynch_cvsignal
SYS_psynch_cvwait
SYS_psynch_mutexdrop
SYS_psynch_mutexwait
+ SYS_psynch_rw_rdlock
SYS_psynch_rw_unlock
SYS_psynch_rw_wrlock
SYS_read
SYS_read_nocancel
+ SYS_readlink
SYS_rename
+ SYS_sendto
+ SYS_sigaltstack
+ SYS_sigprocmask
+ SYS_socket
SYS_stat
+ SYS_stat64
SYS_statfs
+ SYS_statfs64
SYS_thread_selfid
SYS_ulock_wait
SYS_ulock_wake
SYS_work_interval_ctl
- SYS_workq_kernreturn
SYS_workq_kernreturn)))
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
