Skip to site navigation (Press enter)

[webkit-changes] [254306] trunk/Source/WebKit

bfulgham Thu, 09 Jan 2020 15:19:04 -0800

Title: [254306] trunk/Source/WebKit

Revision: 254306
Author: bfulg...@apple.com
Date: 2020-01-09 15:18:05 -0800 (Thu, 09 Jan 2020)

Log Message

Remove AGXCompilerService access from the WebContent sandbox
https://bugs.webkit.org/show_bug.cgi?id=206020
<rdar://problem/58451395>


Reviewed by Per Arne Vollan.

Now that we generate a dynamic extension for 'com.apple.AGXCompilerService', we should remove the
blanket allow rule from the sandbox.

Covered by existing tests.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

Diff

Modified: trunk/Source/WebKit/ChangeLog (254305 => 254306)


--- trunk/Source/WebKit/ChangeLog	2020-01-09 22:59:46 UTC (rev 254305)
+++ trunk/Source/WebKit/ChangeLog	2020-01-09 23:18:05 UTC (rev 254306)
@@ -1,3 +1,18 @@
+2020-01-09  Brent Fulgham  <bfulg...@apple.com>
+
+        Remove AGXCompilerService access from the WebContent sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=206020
+        <rdar://problem/58451395>
+
+        Reviewed by Per Arne Vollan.
+
+        Now that we generate a dynamic extension for 'com.apple.AGXCompilerService', we should remove the
+        blanket allow rule from the sandbox.
+
+        Covered by existing tests.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-01-09  Tim Horton  <timothy_hor...@apple.com>
 
         Fix a tiny logging mistake in launchProcess

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (254305 => 254306)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-09 22:59:46 UTC (rev 254305)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-09 23:18:05 UTC (rev 254306)
@@ -298,9 +298,6 @@
     (allow sysctl-read
            (sysctl-name #"kern.bootsessionuuid"))
 
-    (allow mach-lookup (with report) (with telemetry)
-        (xpc-service-name-prefix "com.apple.AGXCompilerService"))
-
     (allow mach-lookup
        ;; <rdar://problem/47268166>
        (xpc-service-name "com.apple.MTLCompilerService"))

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes