Skip to site navigation (Press enter)

[webkit-changes] [278881] trunk/Source/WebKit

bfulgham Tue, 15 Jun 2021 11:02:01 -0700

Title: [278881] trunk/Source/WebKit

Revision: 278881
Author: bfulg...@apple.com
Date: 2021-06-15 11:01:04 -0700 (Tue, 15 Jun 2021)

Log Message

[iOS] Permit access to 'platform-name'
https://bugs.webkit.org/show_bug.cgi?id=227032
<rdar://problem/79334360>


Reviewed by Per Arne Vollan.

Telemetry shows that some media code needs access to 'platform-name'. We allow this in the
WebContent process, but didn't include it in the GPU Process.

Make the WebContent and GPU Process consistent in this access. Also adopt the standard rule
for this used in the system sandbox, which restricts the access to the IOKit class family that
has this property.

* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in

Diff

Modified: trunk/Source/WebKit/ChangeLog (278880 => 278881)


--- trunk/Source/WebKit/ChangeLog	2021-06-15 17:20:54 UTC (rev 278880)
+++ trunk/Source/WebKit/ChangeLog	2021-06-15 18:01:04 UTC (rev 278881)
@@ -1,3 +1,21 @@
+2021-06-15  Brent Fulgham  <bfulg...@apple.com>
+
+        [iOS] Permit access to 'platform-name' 
+        https://bugs.webkit.org/show_bug.cgi?id=227032
+        <rdar://problem/79334360>
+
+        Reviewed by Per Arne Vollan.
+
+        Telemetry shows that some media code needs access to 'platform-name'. We allow this in the
+        WebContent process, but didn't include it in the GPU Process.
+
+        Make the WebContent and GPU Process consistent in this access. Also adopt the standard rule
+        for this used in the system sandbox, which restricts the access to the IOKit class family that
+        has this property.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+
 2021-06-15  Alexander Mikhaylenko  <al...@gnome.org>
 
         [GTK] Support transient zoom

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (278880 => 278881)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2021-06-15 17:20:54 UTC (rev 278880)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2021-06-15 18:01:04 UTC (rev 278881)
@@ -879,8 +879,6 @@
     (iokit-property "oled-display") ;; <rdar://problem/51322072>
     (iokit-property "product-description") ;; <rdar://problem/49497788>
     (iokit-property "product-id")
-    (iokit-property "region-info") ;; <rdar://problem/52903475>
-    (iokit-property "regulatory-model-number") ;; <rdar://problem/52903475>
     (iokit-property "soc-generation") ;; <rdar://problem/52903476>
     (iokit-property "software-behavior")
     (iokit-property "vendor-id")
@@ -888,6 +886,19 @@
     (iokit-property "ui-pip") ;; <rdar://problem/48867037>
 )
 
+; IOPlatformExpertDevice
+(with-filter (iokit-registry-entry-class "IOPlatformExpertDevice")
+    (allow iokit-get-properties
+        (iokit-property
+            "model"
+            "model-number"
+            "platform-name" ;; <rdar://problem/79334360>
+            "region-info" ;; <rdar://problem/52903475>
+            "regulatory-model-number" ;; <rdar://problem/52903475>
+        )
+    )
+)
+
 ;; Read-only preferences and data
 (mobile-preferences-read
     "com.apple.LaunchServices"

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (278880 => 278881)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2021-06-15 17:20:54 UTC (rev 278880)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2021-06-15 18:01:04 UTC (rev 278881)
@@ -1016,16 +1016,24 @@
     (iokit-property "oled-display") ;; <rdar://problem/51322072>
     (iokit-property "product-description") ;; <rdar://problem/49497788>
     (iokit-property "product-id")
-    (iokit-property "region-info") ;; <rdar://problem/52903475>
-    (iokit-property "regulatory-model-number") ;; <rdar://problem/52903475>
     (iokit-property "soc-generation") ;; <rdar://problem/52903476>
     (iokit-property "software-behavior")
     (iokit-property "vendor-id")
     (iokit-property "udid-version") ;; <rdar://problem/52903475>
     (iokit-property "ui-pip") ;; <rdar://problem/48867037>
-    (iokit-property "platform-name")
 )
 
+; IOPlatformExpertDevice
+(with-filter (iokit-registry-entry-class "IOPlatformExpertDevice")
+    (allow iokit-get-properties
+        (iokit-property
+            "platform-name" ;; <rdar://problem/79334360>
+            "region-info" ;; <rdar://problem/52903475>
+            "regulatory-model-number" ;; <rdar://problem/52903475>
+        )
+    )
+)
+
 ;; Read-only preferences and data
 (mobile-preferences-read
     "com.apple.LaunchServices"

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes