Title: [285735] trunk/Source/WebKit
Revision: 285735
Author: pvol...@apple.com
Date: 2021-11-12 12:09:11 -0800 (Fri, 12 Nov 2021)

Log Message

[macOS][GPUP] Block access to mach register
https://bugs.webkit.org/show_bug.cgi?id=232259
<rdar://problem/84624488>

Reviewed by Brent Fulgham.

Based on telemetry, block access to mach register in the GPU process on macOS.

* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (285734 => 285735)


--- trunk/Source/WebKit/ChangeLog	2021-11-12 19:50:24 UTC (rev 285734)
+++ trunk/Source/WebKit/ChangeLog	2021-11-12 20:09:11 UTC (rev 285735)
@@ -1,3 +1,15 @@
+2021-11-12  Per Arne  <pvol...@apple.com>
+
+        [macOS][GPUP] Block access to mach register
+        https://bugs.webkit.org/show_bug.cgi?id=232259
+        <rdar://problem/84624488>
+
+        Reviewed by Brent Fulgham.
+
+        Based on telemetry, block access to mach register in the GPU process on macOS.
+
+        * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+
 2021-11-12  Chris Dumez  <cdu...@apple.com>
 
         Disable MathML when in Captive Portal Mode
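
Review bot: The per-file line `* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:` in the new entry has no description, and the summary "block access to mach register" does not mention that the `_oglprof_attach_` registration stays allowed on apple-internal systems. Suggest a short description under the file line covering both parts of the change: the removal of the `(local-name-prefix "")` rule and the new `with-filter` around the OpenGL Profiler rule. "Based on telemetry" would also be easier to audit later if the entry said what the telemetry showed.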

Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (285734 => 285735)


--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in	2021-11-12 19:50:24 UTC (rev 285734)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in	2021-11-12 20:09:11 UTC (rev 285735)
@@ -37,9 +37,6 @@
 ;;; remove unneeded sandbox extensions.
 ;;;
 
-;;; Allow registration of per-pid services.
-(allow mach-register (with telemetry) (local-name-prefix ""))
-
 ;;; Allow read access to standard system paths.
 (allow file-read*
     (require-all
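
Review bot: With `(allow mach-register (with telemetry) (local-name-prefix ""))` removed and nothing put in its place, registration of local names falls through to the profile's default action, which these lines do not show. An empty prefix matches every local name, so the whole per-pid registration allowance goes away here. Worth confirming that the default is deny for this operation. Since the `(with telemetry)` modifier is removed along with the rule, also decide whether a reporting deny rule is wanted so that any remaining caller stays visible after the change.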
@@ -602,7 +599,8 @@
 (read-write-and-issue-extensions (extension "com.apple.app-sandbox.read-write"))
 
 ;; Allow the OpenGL Profiler to attach.
-(allow mach-register (with telemetry) (global-name-regex #"^_oglprof_attach_<[0-9]+>$"))
+(with-filter (system-attribute apple-internal)
+    (allow mach-register (with telemetry) (global-name-regex #"^_oglprof_attach_<[0-9]+>$")))
 
 (if (positive? (string-length (param "DARWIN_USER_CACHE_DIR")))
     (allow-read-write-directory-and-issue-read-write-extensions (param "DARWIN_USER_CACHE_DIR")))
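
Review bot: The comment `;; Allow the OpenGL Profiler to attach.` above the new `(with-filter (system-attribute apple-internal)` block no longer describes the rule, which now applies only on apple-internal systems. Suggest updating it to say so, for example ";; Allow the OpenGL Profiler to attach on Apple-internal systems.", so a reader of the profile does not assume the registration is available on all systems.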
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes