Title: [285774] trunk/Source/WebKit
- Revision
- 285774
- Author
- pvol...@apple.com
- Date
- 2021-11-13 08:13:24 -0800 (Sat, 13 Nov 2021)
Log Message
[macOS][GPUP] Add telemetry for syscalls
https://bugs.webkit.org/show_bug.cgi?id=232888
<rdar://problem/85207011>
Reviewed by Brent Fulgham.
Add more telemetry for syscalls in the GPU process' sandbox on macOS. Also add entitlement for the GPU
process to use message filtering.
* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
* Scripts/process-entitlements.sh:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (285773 => 285774)
--- trunk/Source/WebKit/ChangeLog 2021-11-13 16:09:17 UTC (rev 285773)
+++ trunk/Source/WebKit/ChangeLog 2021-11-13 16:13:24 UTC (rev 285774)
@@ -1,3 +1,17 @@
+2021-11-13 Per Arne Vollan <pvol...@apple.com>
+
+ [macOS][GPUP] Add telemetry for syscalls
+ https://bugs.webkit.org/show_bug.cgi?id=232888
+ <rdar://problem/85207011>
+
+ Reviewed by Brent Fulgham.
+
+ Add more telemetry for syscalls in the GPU process' sandbox on macOS. Also add entitlement for the GPU
+ process to use message filtering.
+
+ * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+ * Scripts/process-entitlements.sh:
+
2021-11-13 Per Arne Vollan <pvol...@apple.com>
[iOS][GPUP] Add system call logging
Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (285773 => 285774)
--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-11-13 16:09:17 UTC (rev 285773)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-11-13 16:13:24 UTC (rev 285774)
@@ -856,6 +856,41 @@
)
)
+(when (defined? 'mach-kernel-endpoint)
+ (allow mach-kernel-endpoint
+ (apply-message-filter
+ (allow mach-message-send (with telemetry)))))
+
+(when (defined? 'syscall-mach)
+ (allow syscall-mach (with telemetry))
+ (allow syscall-mach (machtrap-number
+ MSC__kernelrpc_mach_port_allocate_trap
+ MSC__kernelrpc_mach_port_construct_trap
+ MSC__kernelrpc_mach_port_deallocate_trap
+ MSC__kernelrpc_mach_port_destruct_trap
+ MSC__kernelrpc_mach_port_extract_member_trap
+ MSC__kernelrpc_mach_port_guard_trap
+ MSC__kernelrpc_mach_port_insert_member_trap
+ MSC__kernelrpc_mach_port_insert_right_trap
+ MSC__kernelrpc_mach_port_mod_refs_trap
+ MSC__kernelrpc_mach_port_request_notification_trap
+ MSC__kernelrpc_mach_port_type_trap
+ MSC__kernelrpc_mach_vm_allocate_trap
+ MSC__kernelrpc_mach_vm_deallocate_trap
+ MSC__kernelrpc_mach_vm_map_trap
+ MSC__kernelrpc_mach_vm_protect_trap
+ MSC_host_create_mach_voucher_trap
+ MSC_host_self_trap
+ MSC_mach_msg_trap
+ MSC_mach_reply_port
+ MSC_mach_voucher_extract_attr_recipe_trap
+ MSC_pid_for_task
+ MSC_semaphore_signal_trap
+ MSC_semaphore_wait_trap
+ MSC_swtch_pri
+ MSC_syscall_thread_switch
+ MSC_thread_get_special_reply_port)))
+
(when (defined? 'syscall-unix)
(allow syscall-unix (with telemetry))
(allow syscall-unix (syscall-number
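Review bot: The two new `syscall-mach` rules carry no comment saying that this is observation only, so the trap list reads as if it were an enforced allowlist. As far as the visible rules go, `(allow syscall-mach (with telemetry))` permits every Mach trap and the `machtrap-number` list after it only exempts the expected traps from reporting, assuming later rules take precedence as in the existing `syscall-unix` block; nothing in the hunk denies a trap. The same holds for the `mach-kernel-endpoint` filter, which allows every `mach-message-send` with telemetry. I would add above the block `;; Telemetry only: all Mach traps stay allowed; traps not listed below are reported. Replace the blanket allow with a deny once the list is confirmed.` The `syscall-unix` block at the end of the hunk continues outside it.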
Modified: trunk/Source/WebKit/Scripts/process-entitlements.sh (285773 => 285774)
--- trunk/Source/WebKit/Scripts/process-entitlements.sh 2021-11-13 16:09:17 UTC (rev 285773)
+++ trunk/Source/WebKit/Scripts/process-entitlements.sh 2021-11-13 16:13:24 UTC (rev 285774)
@@ -57,6 +57,7 @@
if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
then
+ plistbuddy Add :com.apple.private.security.message-filter bool YES
plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
fi
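Review bot: The added `com.apple.private.security.message-filter` entitlement has no comment linking it to the sandbox rule that needs it, and it is gated differently from that rule: here on `TARGET_MAC_OS_X_VERSION_MAJOR >= 110000`, in the profile on `(defined? 'mach-kernel-endpoint)`. A line such as `# Needed for apply-message-filter in com.apple.WebKit.GPUProcess.sb.in` would make the dependency visible to whoever next edits either file. The enclosing function starts outside the hunk, so it cannot be confirmed from here that the entitlement is added only for the GPU process, as the log message states; that is worth checking because it is a private entitlement.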