[webkit-changes] [259469] trunk

[pvollan]

Title: [259469] trunk

Revision

259469

Author

pvol...@apple.com

Date

2020-04-03 10:37:46 -0700 (Fri, 03 Apr 2020)

Log Message

[iOS] Deny mach lookup access to the runningboard service in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=209933
Source/WebKit:

<rdar://problem/56995639>

Reviewed by Brent Fulgham.

On iOS, after <https://trac.webkit.org/changeset/258180/webkit>, mach lookup access to "com.apple.runningboard"
can be denied in the WebContent process.

Test: fast/sandbox/ios/sandbox-mach-lookup.html

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:

Reviewed by Brent Fulgham.

* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt
• trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html
• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

Diff

Modified: trunk/LayoutTests/ChangeLog (259468 => 259469)

--- trunk/LayoutTests/ChangeLog	2020-04-03 16:54:12 UTC (rev 259468)
+++ trunk/LayoutTests/ChangeLog	2020-04-03 17:37:46 UTC (rev 259469)
@@ -1,3 +1,13 @@
+2020-04-03  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Deny mach lookup access to the runningboard service in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=209933
+
+        Reviewed by Brent Fulgham.
+
+        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/ios/sandbox-mach-lookup.html:
+
 2020-04-03  Sihui Liu  <sihui_...@apple.com>
 
         Flaky Test: storage/indexeddb/cursor-request-cycle.html

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (259468 => 259469)

--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-04-03 16:54:12 UTC (rev 259468)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-04-03 17:37:46 UTC (rev 259469)
@@ -27,3 +27,4 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.lsd.mapdb") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.frontboard.systemappservices") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.runningboard") is false

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (259468 => 259469)

--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-04-03 16:54:12 UTC (rev 259468)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-04-03 17:37:46 UTC (rev 259469)
@@ -30,6 +30,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iconservices\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.lsd.mapdb\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.frontboard.systemappservices\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.runningboard\")");
 }
 </script>
 </head>

Modified: trunk/Source/WebKit/ChangeLog (259468 => 259469)

--- trunk/Source/WebKit/ChangeLog	2020-04-03 16:54:12 UTC (rev 259468)
+++ trunk/Source/WebKit/ChangeLog	2020-04-03 17:37:46 UTC (rev 259469)
@@ -1,3 +1,18 @@
+2020-04-03  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Deny mach lookup access to the runningboard service in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=209933
+        <rdar://problem/56995639>
+
+        Reviewed by Brent Fulgham.
+
+        On iOS, after <https://trac.webkit.org/changeset/258180/webkit>, mach lookup access to "com.apple.runningboard"
+        can be denied in the WebContent process.
+
+        Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-04-03  Diego Pino Garcia  <dp...@igalia.com>
 
         REGRESSION(r259401): [GTK] Check surroundingRange is not null

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (259468 => 259469)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-04-03 16:54:12 UTC (rev 259468)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-04-03 17:37:46 UTC (rev 259469)
@@ -552,8 +552,8 @@
     (deny ipc-posix-sem-create ipc-posix-sem-post ipc-posix-sem-unlink ipc-posix-sem-wait)
     (allow ipc-posix-sem-open))
 
-(allow mach-lookup (with telemetry)
-    (global-name "com.apple.runningboard") ;; Needed by process assertion code (ProcessTaskStateObserver).
+(deny mach-lookup (with telemetry-backtrace)
+    (global-name "com.apple.runningboard")
 )
 
 (allow system-sched

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes