Title: [258845] trunk
Revision: 258845
Author: [email protected]
Date: 2020-03-23 08:35:42 -0700 (Mon, 23 Mar 2020)

Log Message

[iOS] Deny mach lookup access to icon services
https://bugs.webkit.org/show_bug.cgi?id=209340

Reviewed by Brent Fulgham.

Source/WebKit:

Tested by fast/sandbox/ios/sandbox-mach-lookup.html

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:

* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:

Diff

Modified: trunk/LayoutTests/ChangeLog (258844 => 258845)


--- trunk/LayoutTests/ChangeLog	2020-03-23 15:27:38 UTC (rev 258844)
+++ trunk/LayoutTests/ChangeLog	2020-03-23 15:35:42 UTC (rev 258845)
@@ -1,3 +1,13 @@
+2020-03-23  Per Arne Vollan  <[email protected]>
+
+        [iOS] Deny mach lookup access to icon services
+        https://bugs.webkit.org/show_bug.cgi?id=209340
+
+        Reviewed by Brent Fulgham.
+
+        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/ios/sandbox-mach-lookup.html:
+
 2020-03-23  Jacob Uphoff  <[email protected]>
 
         Unreviewed, reverting r258803.

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (258844 => 258845)


--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-03-23 15:27:38 UTC (rev 258844)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-03-23 15:35:42 UTC (rev 258845)
@@ -24,3 +24,4 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.PowerManagement.control") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.mobileassetd") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.mobileassetd.v2") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices") is false

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (258844 => 258845)


--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-03-23 15:27:38 UTC (rev 258844)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-03-23 15:35:42 UTC (rev 258845)
@@ -27,6 +27,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.PowerManagement.control\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.mobileassetd\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.mobileassetd.v2\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iconservices\")");
 }
 </script>
 </head>
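Review bot: The added shouldBeFalse line covers only the global-name lookup for "com.apple.iconservices", while the profile rule changed in this revision lists both an (xpc-service-name "com.apple.iconservices") and a (global-name "com.apple.iconservices") filter. If the test internals offer a way to query XPC service name access, add a matching assertion here; if not, say in the ChangeLog that the xpc-service-name half of the rule is not exercised by this test, so a later edit that drops it from the deny rule would not be caught.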

Modified: trunk/Source/WebKit/ChangeLog (258844 => 258845)


--- trunk/Source/WebKit/ChangeLog	2020-03-23 15:27:38 UTC (rev 258844)
+++ trunk/Source/WebKit/ChangeLog	2020-03-23 15:35:42 UTC (rev 258845)
@@ -1,3 +1,14 @@
+2020-03-23  Per Arne Vollan  <[email protected]>
+
+        [iOS] Deny mach lookup access to icon services
+        https://bugs.webkit.org/show_bug.cgi?id=209340
+
+        Reviewed by Brent Fulgham.
+
+        Tested by fast/sandbox/ios/sandbox-mach-lookup.html
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-03-23  Jacob Uphoff  <[email protected]>
 
         Unreviewed, reverting r258803.
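Review bot: The new entry leaves the line "* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:" without a description, so the log does not record what changed in the profile or why the lookup is believed to be unused. Add a sentence there stating that the mach-lookup rule for com.apple.iconservices is switched from allow to deny and what evidence supports it, which makes a later regression report easier to triage against this revision.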

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (258844 => 258845)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-03-23 15:27:38 UTC (rev 258844)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-03-23 15:35:42 UTC (rev 258845)
@@ -671,7 +671,7 @@
 ;; <rdar://problem/7344719&26323449> LaunchServices app icons
 (allow file-read*
     (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
-(allow mach-lookup (with telemetry-backtrace)
+(deny mach-lookup (with telemetry-backtrace)
     (xpc-service-name "com.apple.iconservices")
     (global-name "com.apple.iconservices"))
 
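Review bot: The comment heading this block, ";; <rdar://problem/7344719&26323449> LaunchServices app icons", still reads as the justification for an allowance, but the rule at "(deny mach-lookup (with telemetry-backtrace)" is now a denial. Update the comment to reference bug 209340 and say that the lookup is denied, and state whether keeping "(with telemetry-backtrace)" on the deny rule is deliberate, so a reader does not take it for a leftover from the allow form. It is also worth confirming whether the adjacent "(allow file-read*" on "/systemgroup.com.apple.lsd.iconscache" is still needed once the service itself cannot be looked up; if it is not, it can be tightened in a follow-up.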
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
