Title: [283328] trunk/Source/WebKit
- Revision: 283328
- Author: pvol...@apple.com
- Date: 2021-09-30 13:05:55 -0700 (Thu, 30 Sep 2021)
Log Message
[GPUP] Add syscall filter telemetry
https://bugs.webkit.org/show_bug.cgi?id=230960
<rdar://problem/83674166>
Reviewed by Brent Fulgham.
Add syscall filter telemetry in the GPU process' sandbox on iOS and macOS.
Syscalls observed being in use are added without telemetry.
* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
Diff
Modified: trunk/Source/WebKit/ChangeLog (283327 => 283328)
--- trunk/Source/WebKit/ChangeLog 2021-09-30 20:05:31 UTC (rev 283327)
+++ trunk/Source/WebKit/ChangeLog 2021-09-30 20:05:55 UTC (rev 283328)
@@ -1,5 +1,19 @@
2021-09-30 Per Arne <pvol...@apple.com>
+ [GPUP] Add syscall filter telemetry
+ https://bugs.webkit.org/show_bug.cgi?id=230960
+ <rdar://problem/83674166>
+
+ Reviewed by Brent Fulgham.
+
+ Add syscall filter telemetry in the GPU process' sandbox on iOS and macOS.
+ Syscall observed being in use are added without telemetry.
+
+ * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+
+2021-09-30 Per Arne <pvol...@apple.com>
+
Add syscall filter telemetry for the Networking process
https://bugs.webkit.org/show_bug.cgi?id=230961
<rdar://problem/83674634>
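Review bot: The new ChangeLog sentence "Syscall observed being in use are added without telemetry" reads as though only the listed syscalls are permitted, while the profiles in this change allow every syscall and attach telemetry to the unlisted ones. Suggest saying so explicitly, for example "All syscalls remain allowed; those not yet observed in use are reported through telemetry", and adding a line on how the in-use set was collected, since the macOS and iOS lists in this revision differ considerably.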
Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (283327 => 283328)
--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-09-30 20:05:31 UTC (rev 283327)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-09-30 20:05:55 UTC (rev 283328)
@@ -939,3 +939,57 @@
(iokit-user-client-class "IOSurfaceAcceleratorClient")
)
)
+
+(when (defined? 'syscall-unix)
+ (allow syscall-unix (with telemetry))
+ (allow syscall-unix (syscall-number
+ SYS___disable_threadsignal
+ SYS___mac_syscall
+ SYS_access
+ SYS_bsdthread_create
+ SYS_bsdthread_ctl
+ SYS_bsdthread_terminate
+ SYS_csrctl
+ SYS_fcntl
+ SYS_flock
+ SYS_fsgetpath
+ SYS_fstat
+ SYS_fstatfs
+ SYS_ftruncate
+ SYS_getattrlist
+ SYS_getaudit_addr
+ SYS_getdirentries
+ SYS_getentropy
+ SYS_geteuid
+ SYS_getfsstat
+ SYS_getgid
+ SYS_gettimeofday
+ SYS_getuid
+ SYS_kevent_id
+ SYS_kevent_qos
+ SYS_kqueue_workloop_ctl
+ SYS_lseek
+ SYS_lstat
+ SYS_madvise
+ SYS_mkdir
+ SYS_mmap
+ SYS_mprotect
+ SYS_munmap
+ SYS_pathconf
+ SYS_psynch_cvbroad
+ SYS_psynch_cvwait
+ SYS_psynch_mutexdrop
+ SYS_psynch_mutexwait
+ SYS_psynch_rw_unlock
+ SYS_psynch_rw_wrlock
+ SYS_read
+ SYS_read_nocancel
+ SYS_rename
+ SYS_stat
+ SYS_statfs
+ SYS_thread_selfid
+ SYS_ulock_wait
+ SYS_ulock_wake
+ SYS_work_interval_ctl
+ SYS_workq_kernreturn
+ SYS_workq_kernreturn)))
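Review bot: SYS_workq_kernreturn appears twice in the last two lines of the syscall-number list. The iOS profile in this same revision ends that run with SYS_workq_kernreturn followed by SYS_workq_open, so please check whether the second entry was meant to be SYS_workq_open, and drop the duplicate otherwise. The macOS list also has no SYS_open, SYS_close, SYS_exit or SYS_write_nocancel, all of which the iOS list carries; with the catch-all "(allow syscall-unix (with telemetry))" rule they still succeed, but each one will be reported, so confirm that is intended rather than an omission. A short comment above the "(when (defined? 'syscall-unix)" block stating that the first rule is report-only would help the next reader.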
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (283327 => 283328)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-09-30 20:05:31 UTC (rev 283327)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-09-30 20:05:55 UTC (rev 283328)
@@ -945,3 +945,101 @@
(deny mach-lookup
(global-name "com.apple.webkit.camera")
)
+
+(when (defined? 'syscall-unix)
+ (allow syscall-unix (with telemetry))
+ (allow syscall-unix (syscall-number
+ SYS___disable_threadsignal
+ SYS___mac_syscall
+ SYS___pthread_sigmask
+ SYS___semwait_signal
+ SYS_access
+ SYS_bsdthread_create
+ SYS_bsdthread_ctl
+ SYS_bsdthread_register
+ SYS_bsdthread_terminate
+ SYS_change_fdguard_np
+ SYS_chdir
+ SYS_close
+ SYS_close_nocancel
+ SYS_connect
+ SYS_csops
+ SYS_csops_audittoken
+ SYS_exit
+ SYS_fcntl
+ SYS_flock
+ SYS_fsetattrlist
+ SYS_fsetxattr
+ SYS_fsgetpath
+ SYS_fstat64
+ SYS_fstatat64
+ SYS_fstatfs64
+ SYS_ftruncate
+ SYS_getattrlist
+ SYS_getdirentries64
+ SYS_getegid
+ SYS_getentropy
+ SYS_geteuid
+ SYS_getfsstat64
+ SYS_getgid
+ SYS_getpid
+ SYS_getrlimit
+ SYS_gettid
+ SYS_gettimeofday
+ SYS_getuid
+ SYS_ioctl
+ SYS_issetugid
+ SYS_kdebug_trace64
+ SYS_kdebug_trace_string
+ SYS_kdebug_typefilter
+ SYS_kevent_id
+ SYS_kevent_qos
+ SYS_kqueue_workloop_ctl
+ SYS_lseek
+ SYS_lstat64
+ SYS_madvise
+ SYS_memorystatus_control
+ SYS_mkdir
+ SYS_mmap
+ SYS_mprotect
+ SYS_msync
+ SYS_munmap
+ SYS_objc_bp_assist_cfg_np
+ SYS_open
+ SYS_open_nocancel
+ SYS_openat
+ SYS_os_fault_with_payload
+ SYS_pathconf
+ SYS_pread
+ SYS_proc_info
+ SYS_psynch_cvbroad
+ SYS_psynch_cvclrprepost
+ SYS_psynch_cvsignal
+ SYS_psynch_cvwait
+ SYS_psynch_mutexdrop
+ SYS_psynch_mutexwait
+ SYS_psynch_rw_rdlock
+ SYS_psynch_rw_unlock
+ SYS_psynch_rw_wrlock
+ SYS_read
+ SYS_read_nocancel
+ SYS_readlink
+ SYS_rename
+ SYS_sem_close
+ SYS_sem_open
+ SYS_sendto
+ SYS_shared_region_check_np
+ SYS_shm_open
+ SYS_sigaction
+ SYS_socket
+ SYS_stat64
+ SYS_sysctl
+ SYS_sysctlbyname
+ SYS_thread_selfid
+ SYS_ulock_wait
+ SYS_ulock_wake
+ SYS_work_interval_ctl
+ SYS_workq_kernreturn
+ SYS_workq_open
+ SYS_write_nocancel
+ SYS_writev)))
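Review bot: The block opens with "(allow syscall-unix (with telemetry))", so nothing is denied yet and the explicit list only silences reporting; there is no comment saying this is a data-gathering step or what follow-up turns it into a deny-by-default filter. Please add that comment above the "(when (defined? 'syscall-unix)" form. The list also exempts SYS_socket, SYS_connect, SYS_sendto, SYS_shm_open, SYS_ioctl and SYS_proc_info from telemetry in the GPU process; since these are the entries most worth revisiting when the filter is tightened, consider grouping them with a note on which code path needs each. SYS_write_nocancel and SYS_writev are listed but SYS_write is not, which is worth a second look.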