[webkit-changes] [269202] trunk/Source/WebKit

Fri, 30 Oct 2020 11:08:38 -0700

Title: [269202] trunk/Source/WebKit
Revision
269202
Author
bfulg...@apple.com
Date
2020-10-30 11:06:27 -0700 (Fri, 30 Oct 2020)

Log Message

Correct sandbox violations in GPU Process
https://bugs.webkit.org/show_bug.cgi?id=218356
<rdar://problem/70574999>

Reviewed by Eric Carlson.

The new GPU Process sandbox is missing 'sysctl.name2oid' from the allow list, even though
we allow it everywhere else. We need this for proper function.

* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (269201 => 269202)


--- trunk/Source/WebKit/ChangeLog	2020-10-30 18:06:27 UTC (rev 269201)
+++ trunk/Source/WebKit/ChangeLog	2020-10-30 18:06:27 UTC (rev 269202)
@@ -1,3 +1,17 @@
+2020-10-30  Brent Fulgham  <bfulg...@apple.com>
+
+        Correct sandbox violations in GPU Process
+        https://bugs.webkit.org/show_bug.cgi?id=218356
+        <rdar://problem/70574999>
+
+        Reviewed by Eric Carlson.
+
+        The new GPU Process sandbox is missing 'sysctl.name2oid' from the allow list, even though
+        we allow it everywhere else. We need this for proper function.
+
+        * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+
 2020-10-30  Simon Fraser  <simon.fra...@apple.com>
 
         Convert ScrollingTreeNode change flags to an OptionSet<>

Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (269201 => 269202)


--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in	2020-10-30 18:06:27 UTC (rev 269201)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in	2020-10-30 18:06:27 UTC (rev 269202)
@@ -173,6 +173,7 @@
         "kern.version"
         "machdep.cpu.brand_string"
         "security.mac.sandbox.sentinel"
+        "sysctl.name2oid"
         "kern.tcsm_enable"
         "kern.tcsm_available"
         "vm.footprint_suspend")

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (269201 => 269202)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2020-10-30 18:06:27 UTC (rev 269201)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2020-10-30 18:06:27 UTC (rev 269202)
@@ -791,6 +791,7 @@
         "kern.osversion"
         "kern.secure_kernel"
         "kern.version"
+        "sysctl.name2oid"
         "vm.footprint_suspend"))
 
 (allow iokit-get-properties

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to