[webkit-changes] [268181] trunk

[pvollan]

Title: [268181] trunk

Revision

268181

Author

pvol...@apple.com

Date

2020-10-08 06:45:50 -0700 (Thu, 08 Oct 2020)

Log Message

[macOS] Deny access to performance analysis service in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=217452
Source/WebKit:

<rdar://problem/68878318>

Reviewed by Youenn Fablet.

It has been confirmed that mach-lookup to 'com.apple.PerformanceAnalysis.animationperfd' can be denied in the WebContent process on macOS.

Test: fast/sandbox/sandbox-mach-lookup.html

* WebProcess/com.apple.WebProcess.sb.in:

LayoutTests:

Reviewed by Youenn Fablet.

* fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
* fast/sandbox/mac/sandbox-mach-lookup.html:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt
• trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html
• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

Diff

Modified: trunk/LayoutTests/ChangeLog (268180 => 268181)

--- trunk/LayoutTests/ChangeLog	2020-10-08 13:23:12 UTC (rev 268180)
+++ trunk/LayoutTests/ChangeLog	2020-10-08 13:45:50 UTC (rev 268181)
@@ -1,3 +1,13 @@
+2020-10-08  Per Arne Vollan  <pvol...@apple.com>
+
+        [macOS] Deny access to performance analysis service in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=217452
+
+        Reviewed by Youenn Fablet.
+
+        * fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/mac/sandbox-mach-lookup.html:
+
 2020-10-08  Noam Rosenthal  <n...@webkit.org>
 
         REGRESSION (r268138): [ iOS Mojave+ ] imported/w3c/web-platform-tests/css/css-masking/clip-path/svg-clipPath.svg is missing expected results

Modified: trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (268180 => 268181)

--- trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2020-10-08 13:23:12 UTC (rev 268180)
+++ trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2020-10-08 13:45:50 UTC (rev 268181)
@@ -10,4 +10,5 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.system.logger") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.awdd") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
+PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.PerformanceAnalysis.animationperfd") is false
 

Modified: trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html (268180 => 268181)

--- trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html	2020-10-08 13:23:12 UTC (rev 268180)
+++ trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html	2020-10-08 13:45:50 UTC (rev 268181)
@@ -13,6 +13,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.system.logger\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.awdd\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.cookied\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.PerformanceAnalysis.animationperfd\")");
 }
 </script>
 </head>

Modified: trunk/Source/WebKit/ChangeLog (268180 => 268181)

--- trunk/Source/WebKit/ChangeLog	2020-10-08 13:23:12 UTC (rev 268180)
+++ trunk/Source/WebKit/ChangeLog	2020-10-08 13:45:50 UTC (rev 268181)
@@ -1,3 +1,17 @@
+2020-10-08  Per Arne Vollan  <pvol...@apple.com>
+
+        [macOS] Deny access to performance analysis service in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=217452
+        <rdar://problem/68878318>
+
+        Reviewed by Youenn Fablet.
+
+        It has been confirmed that mach-lookup to 'com.apple.PerformanceAnalysis.animationperfd' can be denied in the WebContent process on macOS.
+
+        Test: fast/sandbox/sandbox-mach-lookup.html
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2020-10-08  Saagar Jha  <saa...@saagarjha.com>
 
         Replace unqualified use of PlatformDisplayID in WebViewImpl

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (268180 => 268181)

--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-10-08 13:23:12 UTC (rev 268180)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-10-08 13:45:50 UTC (rev 268181)
@@ -459,7 +459,6 @@
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 110000
     (with report) (with telemetry-backtrace)
 #endif
-    (xpc-service-name "com.apple.PerformanceAnalysis.animationperfd")
     (xpc-service-name "com.apple.audio.SandboxHelper")
     (xpc-service-name "com.apple.hiservices-xpcservice")
     (xpc-service-name "com.apple.print.normalizerd")

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes