Title: [261696] trunk/Source/WebKit
Revision: 261696
Author: pvol...@apple.com
Date: 2020-05-14 09:59:13 -0700 (Thu, 14 May 2020)

Log Message

[iOS] Update message filtering rules in the WebContent process' sandbox
https://bugs.webkit.org/show_bug.cgi?id=211188

Reviewed by Brent Fulgham.

Based on telemetry and local testing, update the message filtering rules in the WebContent process' sandbox on iOS.
Messages that have not been observed being in use should be denied.

No new tests, covered by existing tests.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Diff

Modified: trunk/Source/WebKit/ChangeLog (261695 => 261696)


--- trunk/Source/WebKit/ChangeLog	2020-05-14 16:11:26 UTC (rev 261695)
+++ trunk/Source/WebKit/ChangeLog	2020-05-14 16:59:13 UTC (rev 261696)
@@ -1,3 +1,17 @@
+2020-05-14  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Update message filtering rules in the WebContent process' sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=211188
+
+        Reviewed by Brent Fulgham.
+
+        Based on telemetry and local testing, update the message filtering rules in the WebContent process' sandbox on iOS.
+        Messages that have not been observed being in use, should be denied.
+
+        No new tests, covered by existing tests.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-05-14  Adrian Perez de Castro  <ape...@igalia.com>
 
         Non-unified build fixed, mid May 2020 edition
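Review bot: The new ChangeLog entry describes the change only as denying messages not observed in use, but every profile edit in this revision widens an allow list: iokit-external-method moves from the deny list to an allow in two places, and four MIG routines (clock_get_time, io_connect_add_client, io_connect_map_memory_into_task, mach_vm_region_recurse) are added. Suggest the entry name the newly allowed operations and what was found to need them, so a later audit of the sandbox can tell why they were opened up.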

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (261695 => 261696)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-05-14 16:11:26 UTC (rev 261695)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-05-14 16:59:13 UTC (rev 261696)
@@ -92,8 +92,9 @@
             (apply-message-filter
                 (deny (with telemetry)
                     iokit-async-external-method
-                    iokit-external-method
                     iokit-external-trap)
+                (allow
+                    iokit-external-method)
             )
         )
     )
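Review bot: Moving iokit-external-method from the "deny (with telemetry)" list to a bare "(allow iokit-external-method)" in this apply-message-filter drops the reporting along with the block, so use of that message type under the enclosing rule (not visible in this hunk) no longer produces any signal. Is it possible to narrow the allow to what telemetry actually showed in use? At minimum, add a comment here naming the user client this filter applies to and the feature that requires external method calls.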
@@ -386,8 +387,9 @@
             (apply-message-filter
                 (deny (with telemetry)
                     iokit-async-external-method
-                    iokit-external-method
                     iokit-external-trap)
+                (allow
+                    iokit-external-method)
             )
         )
     )
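Review bot: The edit at line 387 is a verbatim copy of the one at line 92, so the two apply-message-filter blocks now have to be kept in sync by hand, and a future tightening of one can silently miss the other. Consider factoring the shared deny/allow pair into a single definition used at both sites, or add a comment at each site that points to the other.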
@@ -1264,12 +1266,15 @@
             (deny mach-message-send (with telemetry))
             (allow mach-message-send (kernel-mig-routine
                 (when (defined? '_mach_make_memory_entry) _mach_make_memory_entry)
+                clock_get_time
                 host_get_clock_service
                 host_get_io_master
                 host_get_special_port
                 host_info
                 host_request_notification
+                io_connect_add_client
                 io_connect_async_method
+                io_connect_map_memory_into_task
                 io_connect_method
                 io_connect_set_notification_port_64
                 io_iterator_next
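Review bot: io_connect_add_client and io_connect_map_memory_into_task are added to the kernel-mig-routine allow list with no comment on what requires them, and both extend what WebContent can do with an IOKit connection, which is a more sensitive addition than clock_get_time in the same hunk. Suggest a short comment per routine, or a line in the ChangeLog, tying each one to the telemetry finding or feature behind it, and confirming that the IOKit routines are only useful against user clients the profile already permits.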
@@ -1292,6 +1297,7 @@
                 mach_vm_copy
                 mach_vm_map_external
                 mach_vm_region
+                mach_vm_region_recurse
                 mach_vm_remap_external
                 semaphore_create
                 semaphore_destroy
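Review bot: mach_vm_region_recurse is added unguarded, whereas the first entry of the kernel-mig-routine list shown in the previous hunk is wrapped as "(when (defined? '_mach_make_memory_entry) _mach_make_memory_entry)". Please confirm that this name, and the three added in the previous hunk, are defined on every OS version this profile is built for, or guard them the same way.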
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes