[webkit-changes] [283122] trunk/Source/WebKit

[pvollan]

Title: [283122] trunk/Source/WebKit

Revision

283122

Author

pvol...@apple.com

Date

2021-09-27 09:35:47 -0700 (Mon, 27 Sep 2021)

Log Message

[iOS][GPUP] Remove access to unused mach services in sandbox
https://bugs.webkit.org/show_bug.cgi?id=230832
<rdar://problem/83573640>

Reviewed by Brent Fulgham.

Remove access to mach services on iOS in the GPU process that are unused, according to telemetry.

* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb

Diff

Modified: trunk/Source/WebKit/ChangeLog (283121 => 283122)

--- trunk/Source/WebKit/ChangeLog	2021-09-27 16:29:41 UTC (rev 283121)
+++ trunk/Source/WebKit/ChangeLog	2021-09-27 16:35:47 UTC (rev 283122)
@@ -1,3 +1,15 @@
+2021-09-27  Per Arne  <pvol...@apple.com>
+
+        [iOS][GPUP] Remove access to unused mach services in sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=230832
+        <rdar://problem/83573640>
+
+        Reviewed by Brent Fulgham.
+
+        Remove access to mach services on iOS in the GPU process that are unused, according to telemetry.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+
 2021-09-27  BJ Burg  <bb...@apple.com>
 
         [Cocoa] backport showConsole() and showResources() for RemoteWebInspectorUI

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (283121 => 283122)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2021-09-27 16:29:41 UTC (rev 283121)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2021-09-27 16:35:47 UTC (rev 283122)
@@ -204,8 +204,6 @@
         "com.apple.mobileipod")
     (allow mach-lookup
            (global-name "com.apple.mediaremoted.xpc"))
-    (allow mach-lookup (with report) (with telemetry)
-        (xpc-service-name "com.apple.MediaPlayer.RemotePlayerService"))
 )
 
 (define-once (media-capture-support)
@@ -393,11 +391,6 @@
     (allow mach-lookup
         (global-name "com.apple.CARenderServer"))
 
-    (allow mach-lookup (with report) (with telemetry)
-        (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")
-        (xpc-service-name-regex #"\.viewservice$") ;; <rdar://problem/31252371>
-    )
-
     ; UIKit-required IOKit nodes.
     (allow iokit-open
         (iokit-user-client-class "IOSurfaceAcceleratorClient")
@@ -672,9 +665,6 @@
 
 (speech-synthesis-and-voiceover)
 
-(allow mach-lookup (with report) (with telemetry)
-    (global-name "com.apple.audio.AudioComponentRegistrar"))
-
 ;; Permit reading assets via MobileAsset framework.
 (asset-access 'with-media-playback)
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes