Title: [290488] branches/safari-614.1.5-branch/Source/WebKit
Revision: 290488
Author: repst...@apple.com
Date: 2022-02-24 18:22:26 -0800 (Thu, 24 Feb 2022)

Log Message

Cherry-pick r290288. rdar://problem/89062166

    Allow adattributiond to start on iOS devices
    https://bugs.webkit.org/show_bug.cgi?id=237009
    <rdar://89062166>

    Reviewed by Per Arne Vollan.

    There were three more problems preventing it from starting:
    1. The code signature said to look for a sandbox profile with "webkit" in the name, but the profile had "WebKit" in the name.
       These names are case sensitive.
    2. The sandbox profile would not let it load the WebKit framework, so dyld would fail and the process would fail to launch.
       I added the framework directories that the XPC services are allowed to access.
    3. Once it started, it would crash inside WTF::initializeMainThread when calling WTF::pageSize which requires access to the hw.pagesize_compat syscall.
       As a starting point, I'm going to allow all the syscalls that the network process currently has access to,
       which is enough to get it to respond without crashing.
    4. We need access to com.apple.diagnosticd and com.apple.analyticsd in order to be able to generate crash reports.  This is quite useful.
    Yes, I know I said there were only three problems, but the 4th is so useful I thought I'd put it in the list.

    * Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb:
    * Scripts/process-entitlements.sh:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@290288 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-614.1.5-branch/Source/WebKit/ChangeLog (290487 => 290488)


--- branches/safari-614.1.5-branch/Source/WebKit/ChangeLog	2022-02-25 02:21:30 UTC (rev 290487)
+++ branches/safari-614.1.5-branch/Source/WebKit/ChangeLog	2022-02-25 02:22:26 UTC (rev 290488)
@@ -1,5 +1,55 @@
 2022-02-24  Russell Epstein  <repst...@apple.com>
 
+        Cherry-pick r290288. rdar://problem/89062166
+
+    Allow adattributiond to start on iOS devices
+    https://bugs.webkit.org/show_bug.cgi?id=237009
+    <rdar://89062166>
+    
+    Reviewed by Per Arne Vollan.
+    
+    There were three more problems preventing it from starting:
+    1. The code signature said to look for a sandbox profile with "webkit" in the name, but the profile had "WebKit" in the name.
+       These names are case sensitive.
+    2. The sandbox profile would not let it load the WebKit framework, so dyld would fail and the process would fail to launch.
+       I added the framework directories that the XPC services are allowed to access.
+    3. Once it started, it would crash inside WTF::initializeMainThread when calling WTF::pageSize which requires access to the hw.pagesize_compat syscall.
+       As a starting point, I'm going to allow all the syscalls that the network process currently has access to,
+       which is enough to get it to respond without crashing.
+    4. We need access to com.apple.diagnosticd and com.apple.analyticsd in order to be able to generate crash reports.  This is quite useful.
+    Yes, I know I said there were only three problems, but the 4th is so useful I thought I'd put it in the list.
+    
+    * Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb:
+    * Scripts/process-entitlements.sh:
+    
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@290288 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-02-21  Alex Christensen  <achristen...@webkit.org>
+
+            Allow adattributiond to start on iOS devices
+            https://bugs.webkit.org/show_bug.cgi?id=237009
+            <rdar://89062166>
+
+            Reviewed by Per Arne Vollan.
+
+            There were three more problems preventing it from starting:
+            1. The code signature said to look for a sandbox profile with "webkit" in the name, but the profile had "WebKit" in the name.
+               These names are case sensitive.
+            2. The sandbox profile would not let it load the WebKit framework, so dyld would fail and the process would fail to launch.
+               I added the framework directories that the XPC services are allowed to access.
+            3. Once it started, it would crash inside WTF::initializeMainThread when calling WTF::pageSize which requires access to the hw.pagesize_compat syscall.
+               As a starting point, I'm going to allow all the syscalls that the network process currently has access to,
+               which is enough to get it to respond without crashing.
+            4. We need access to com.apple.diagnosticd and com.apple.analyticsd in order to be able to generate crash reports.  This is quite useful.
+            Yes, I know I said there were only three problems, but the 4th is so useful I thought I'd put it in the list.
+
+            * Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb:
+            * Scripts/process-entitlements.sh:
+
+2022-02-24  Russell Epstein  <repst...@apple.com>
+
         Cherry-pick r290442. rdar://problem/89345853
 
     [MacCatalyst] REGRESSION(r290091): sometimes can crash if `WKWebView` is deallocated before the next visible content rect update
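
Review bot: Item 3 of the added entry calls hw.pagesize_compat a "syscall" and says the change allows "all the syscalls that the network process currently has access to", but the name is a sysctl and the profile change in this revision is a sysctl-read allowlist. Wording it as "sysctl" would let a later sandbox audit that searches the ChangeLog for sysctl changes find this entry. The heading also says "three more problems" while the list has four items; the closing line acknowledges it, but correcting the count in the heading would read more cleanly.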

Modified: branches/safari-614.1.5-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb (290487 => 290488)


--- branches/safari-614.1.5-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb	2022-02-25 02:21:30 UTC (rev 290487)
+++ branches/safari-614.1.5-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb	2022-02-25 02:22:26 UTC (rev 290488)
@@ -73,6 +73,37 @@
 (allow file-read* file-write*
     (subpath "/var/mobile/Library/com.apple.webkit.addattributiond"))
 
+(allow file-read* file-map-executable
+    (subpath "/System/Library/Frameworks")
+    (subpath "/System/Library/PrivateFrameworks"))
+
+(with-filter (system-attribute apple-internal)
+    (allow mach-lookup
+        (global-name "com.apple.analyticsd")
+        (global-name "com.apple.diagnosticd")))
+
+(deny sysctl* (with telemetry))
+(allow sysctl-read
+    (sysctl-name
+        "hw.activecpu"
+        "hw.machine"
+        "hw.memsize"
+        "hw.ncpu"
+        "hw.pagesize_compat"
+        "kern.bootargs"
+        "kern.hostname"
+        "kern.maxfilesperproc"
+        "kern.osproductversion"
+        "kern.osrelease"
+        "kern.ostype"
+        "kern.osvariant_status"
+        "kern.osversion"
+        "kern.secure_kernel"
+        "kern.version"
+        "vm.footprint_suspend")
+    (sysctl-name-prefix "kern.proc.pid.")
+)
+
 (allow-read-write-directory-contents (param "DARWIN_USER_CACHE_DIR"))
 (allow-read-write-directory-contents (param "DARWIN_USER_TEMP_DIR"))
 
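
Review bot: The added (allow sysctl-read ...) list is wider than the failure the log message describes: only hw.pagesize_compat is named as required, while the list also opens kern.bootargs, kern.hostname and the whole kern.proc.pid. prefix to this daemon. Since (deny sysctl* (with telemetry)) precedes it, a follow-up could use that telemetry to trim the list to the names adattributiond actually reads, and a comment above the list saying it was copied from the network process as a starting point would tell the next reader it is not a minimal set. The mach-lookup rule sits inside (with-filter (system-attribute apple-internal)), so the analyticsd and diagnosticd lookups apply only where that filter matches, which the log message does not mention. Separately, the unchanged context path ends in com.apple.webkit.addattributiond (double "d", lowercase "webkit"); given that this revision fixes a name mismatch, it is worth confirming that this spelling is the directory the daemon actually uses.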

Modified: branches/safari-614.1.5-branch/Source/WebKit/Scripts/process-entitlements.sh (290487 => 290488)


--- branches/safari-614.1.5-branch/Source/WebKit/Scripts/process-entitlements.sh	2022-02-25 02:21:30 UTC (rev 290487)
+++ branches/safari-614.1.5-branch/Source/WebKit/Scripts/process-entitlements.sh	2022-02-25 02:22:26 UTC (rev 290488)
@@ -510,7 +510,7 @@
 function ios_family_process_adattributiond_entitlements()
 {
     plistbuddy Add :seatbelt-profiles array
-    plistbuddy Add :seatbelt-profiles:0 string com.apple.webkit.adattributiond
+    plistbuddy Add :seatbelt-profiles:0 string com.apple.WebKit.adattributiond
 }
 
 function ios_family_process_webpushd_entitlements()
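
Review bot: The seatbelt-profiles string on the changed plistbuddy line has to match the profile file name com.apple.WebKit.adattributiond.sb exactly, case included, and nothing in this function ties the two together, so the same mismatch can return on a rename. Suggest a one-line comment on that line naming the .sb file it must match, or a build-time check that a profile with that exact name exists under Resources/SandboxProfiles/ios.
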
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes