Title: [261490] trunk/Source/WebKit
Revision: 261490
Author: pvol...@apple.com
Date: 2020-05-11 12:45:37 -0700 (Mon, 11 May 2020)

Log Message

[iOS] Update message filtering rules in the WebContent process' sandbox
https://bugs.webkit.org/show_bug.cgi?id=211188
<rdar://problem/60922910>

Reviewed by Brent Fulgham.

Based on telemetry and local testing, update the message filtering rules in the WebContent process' sandbox on iOS.
Messages that have not been observed being in use should be denied.

No new tests, covered by existing tests.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (261489 => 261490)


--- trunk/Source/WebKit/ChangeLog	2020-05-11 19:42:40 UTC (rev 261489)
+++ trunk/Source/WebKit/ChangeLog	2020-05-11 19:45:37 UTC (rev 261490)
@@ -1,3 +1,18 @@
+2020-05-11  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Update message filtering rules in the WebContent process' sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=211188
+        <rdar://problem/60922910>
+
+        Reviewed by Brent Fulgham.
+
+        Based on telemetry and local testing, update the message filtering rules in the WebContent process' sandbox on iOS.
+        Messages that have not been observed being in use, should be denied.
+
+        No new tests, covered by existing tests.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-05-11  Chris Dumez  <cdu...@apple.com>
 
         [iOS] WKWebView.evaluateJavaScript should run at foreground priority when app is foreground
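Review bot: the new ChangeLog entry leaves the per-file line `* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:` without a description, so the log does not record what actually changed in the profile. The diff below switches the first `mach-message-send` rule in the filter from allow to deny, adds `mach_exception_raise` to the allowed routines, and makes the `mach_make_memory_entry` entries conditional. A short sentence on that line naming those three changes would let someone reading the history find the point at which the filter started denying unlisted messages.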

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (261489 => 261490)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-05-11 19:42:40 UTC (rev 261489)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-05-11 19:45:37 UTC (rev 261490)
@@ -1213,12 +1213,12 @@
     )
 )
 
-(when (defined? 'mach_make_memory_entry)
 (when (defined? 'mach-kernel-endpoint)
     (allow mach-kernel-endpoint
         (apply-message-filter
-            (allow mach-message-send (with report) (with telemetry))
+            (deny mach-message-send (with telemetry))
             (allow mach-message-send (kernel-mig-routine
+                (when (defined? '_mach_make_memory_entry) _mach_make_memory_entry)
                 host_get_clock_service
                 host_get_io_master
                 host_get_special_port
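Review bot: the switch from `(allow mach-message-send (with report) (with telemetry))` to `(deny mach-message-send (with telemetry))` drops `(with report)` along with the allow, and nothing in the profile says whether that is intentional. Since every kernel MIG routine missing from the list that follows is now refused instead of only being logged, a comment above the deny line stating that the list was derived from telemetry (as the log message says) and why reporting was removed would help whoever has to diagnose a denial later. Separately, the outer `(when (defined? 'mach_make_memory_entry)` guard is removed, so the filter now applies whenever `mach-kernel-endpoint` is defined, and the added entry tests `'_mach_make_memory_entry` with a leading underscore while the next hunk tests `'mach_make_memory_entry` without one. Please add a one-line comment explaining why both spellings are needed so a later cleanup does not remove one of them as a duplicate.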
@@ -1238,7 +1238,8 @@
                 io_service_get_matching_service_bin
                 io_service_get_matching_services_bin
                 io_service_open_extended
-                mach_make_memory_entry
+                mach_exception_raise
+                (when (defined? 'mach_make_memory_entry) mach_make_memory_entry)
                 mach_port_get_context_from_user
                 mach_port_request_notification
                 mach_port_set_attributes
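Review bot: `mach_exception_raise` is added to the allowed routines here, but the log message only talks about denying messages that were not observed in use and does not mention any new allowance. Please state in the ChangeLog or in a profile comment what the WebContent process needs this routine for and that it was seen in telemetry or testing, so the allow list stays auditable entry by entry. The conditional `(when (defined? 'mach_make_memory_entry) mach_make_memory_entry)` that replaces the bare name on the following line looks fine as a replacement for the removed outer guard.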
@@ -1265,4 +1266,3 @@
         )
     )
 )
-)