Title: [283327] trunk/Source/WebKit
- Revision
- 283327
- Author
- pvol...@apple.com
- Date
- 2021-09-30 13:05:31 -0700 (Thu, 30 Sep 2021)
Log Message
Add syscall filter telemetry for the Networking process
https://bugs.webkit.org/show_bug.cgi?id=230961
<rdar://problem/83674634>
Reviewed by Brent Fulgham.
Add syscall filter telemetry for the Networking process on iOS and macOS.
Syscalls that are known to be used are added without telemetry.
* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (283326 => 283327)
--- trunk/Source/WebKit/ChangeLog 2021-09-30 20:05:20 UTC (rev 283326)
+++ trunk/Source/WebKit/ChangeLog 2021-09-30 20:05:31 UTC (rev 283327)
@@ -1,5 +1,19 @@
2021-09-30 Per Arne <pvol...@apple.com>
+ Add syscall filter telemetry for the Networking process
+ https://bugs.webkit.org/show_bug.cgi?id=230961
+ <rdar://problem/83674634>
+
+ Reviewed by Brent Fulgham.
+
+ Add syscall filter telemetry for the Networking process on iOS and macOS.
+ Syscalls that are known to be used are added without telemetry.
+
+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+
+2021-09-30 Per Arne <pvol...@apple.com>
+
[macOS] Reduce sandbox telemetry
https://bugs.webkit.org/show_bug.cgi?id=231026
<rdar://83694937>
Modified: trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (283326 => 283327)
--- trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-09-30 20:05:20 UTC (rev 283326)
+++ trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-09-30 20:05:31 UTC (rev 283327)
@@ -519,3 +519,72 @@
(allow file-read* (with telemetry)
(prefix "/private/var/db/com.apple.networkextension.")
)
+
+(when (defined? 'syscall-unix)
+ (allow syscall-unix (with telemetry))
+ (allow syscall-unix (syscall-number
+ SYS___channel_get_info
+ SYS___channel_sync
+ SYS___disable_threadsignal
+ SYS___mac_syscall
+ SYS_access
+ SYS_bsdthread_create
+ SYS_bsdthread_ctl
+ SYS_bsdthread_terminate
+ SYS_change_fdguard_np
+ SYS_csrctl
+ SYS_fcntl
+ SYS_fcntl_nocancel
+ SYS_fsgetpath
+ SYS_fstat
+ SYS_fstatat
+ SYS_fstatfs
+ SYS_fsync
+ SYS_ftruncate
+ SYS_getattrlist
+ SYS_getaudit_addr
+ SYS_getdirentries
+ SYS_getentropy
+ SYS_geteuid
+ SYS_getfsstat
+ SYS_getrlimit
+ SYS_gettimeofday
+ SYS_getuid
+ SYS_guarded_close_np
+ SYS_guarded_open_np
+ SYS_guarded_pwrite_np
+ SYS_iopolicysys
+ SYS_issetugid
+ SYS_kevent_id
+ SYS_kevent_qos
+ SYS_lseek
+ SYS_lstat
+ SYS_madvise
+ SYS_mkdirat
+ SYS_mmap
+ SYS_mprotect
+ SYS_msync
+ SYS_munmap
+ SYS_necp_client_action
+ SYS_necp_open
+ SYS_pathconf
+ SYS_pread
+ SYS_pread_nocancel
+ SYS_psynch_cvbroad
+ SYS_psynch_cvsignal
+ SYS_psynch_cvwait
+ SYS_psynch_mutexdrop
+ SYS_psynch_mutexwait
+ SYS_psynch_rw_unlock
+ SYS_psynch_rw_wrlock
+ SYS_read
+ SYS_rmdir
+ SYS_select
+ SYS_setattrlistat
+ SYS_setrlimit
+ SYS_stat
+ SYS_statfs
+ SYS_thread_selfid
+ SYS_ulock_wait
+ SYS_ulock_wake
+ SYS_workq_kernreturn)))
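Review bot: The new `(when (defined? 'syscall-unix) …)` block has no comment saying that it is observation-only: its first rule, `(allow syscall-unix (with telemetry))`, still permits every syscall, so this hunk does not yet shrink the kernel surface reachable from the Networking process. A short header such as `;; Telemetry phase: all syscalls remain allowed; the numbers listed below are known-used and exempt from reporting. Tighten the catch-all to a deny once reports are quiet.` would keep a later reader from mistaking the list for an enforced allowlist. The same applies to the iOS profile changed in this commit. The macOS list also leaves out `SYS_socket`, `SYS_connect`, `SYS_open`, `SYS_close` and `SYS_write`, which the iOS list includes, so presumably they will report on every use here; if that is deliberate data collection, the comment should say so.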
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (283326 => 283327)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-09-30 20:05:20 UTC (rev 283326)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-09-30 20:05:31 UTC (rev 283327)
@@ -693,3 +693,134 @@
;; Needed for TCC.
(allow mach-lookup (with telemetry)
(global-name "com.apple.tccd"))
+
+(when (defined? 'syscall-unix)
+ (allow syscall-unix (with telemetry))
+ (allow syscall-unix (syscall-number
+ SYS___channel_get_info
+ SYS___channel_open
+ SYS___channel_sync
+ SYS___disable_threadsignal
+ SYS___mac_syscall
+ SYS_access
+ SYS_bind
+ SYS_bsdthread_create
+ SYS_bsdthread_ctl
+ SYS_bsdthread_register
+ SYS_bsdthread_terminate
+ SYS_change_fdguard_np
+ SYS_chdir
+ SYS_close
+ SYS_close_nocancel
+ SYS_connect
+ SYS_connect_nocancel
+ SYS_csops
+ SYS_csops_audittoken
+ SYS_exit
+ SYS_fcntl
+ SYS_fcntl_nocancel
+ SYS_fsgetpath
+ SYS_fstat64
+ SYS_fstatat64
+ SYS_fstatfs64
+ SYS_fsync
+ SYS_ftruncate
+ SYS_getattrlist
+ SYS_getdirentries64
+ SYS_getegid
+ SYS_getentropy
+ SYS_geteuid
+ SYS_getfsstat64
+ SYS_getgid
+ SYS_getpid
+ SYS_getrlimit
+ SYS_getsockname
+ SYS_getsockopt
+ SYS_gettid
+ SYS_gettimeofday
+ SYS_getuid
+ SYS_guarded_close_np
+ SYS_guarded_open_dprotected_np
+ SYS_guarded_open_np
+ SYS_guarded_pwrite_np
+ SYS_ioctl
+ SYS_iopolicysys
+ SYS_issetugid
+ SYS_kdebug_trace64
+ SYS_kdebug_trace_string
+ SYS_kdebug_typefilter
+ SYS_kevent
+ SYS_kevent_id
+ SYS_kevent_qos
+ SYS_kqueue
+ SYS_link
+ SYS_listxattr
+ SYS_lseek
+ SYS_lstat64
+ SYS_madvise
+ SYS_memorystatus_control
+ SYS_mkdir
+ SYS_mkdirat
+ SYS_mmap
+ SYS_mprotect
+ SYS_msync
+ SYS_munmap
+ SYS_necp_client_action
+ SYS_necp_open
+ SYS_objc_bp_assist_cfg_np
+ SYS_open
+ SYS_open_dprotected_np
+ SYS_open_nocancel
+ SYS_openat
+ SYS_os_fault_with_payload
+ SYS_pathconf
+ SYS_pipe
+ SYS_pread
+ SYS_pread_nocancel
+ SYS_proc_info
+ SYS_pselect
+ SYS_psynch_cvbroad
+ SYS_psynch_cvclrprepost
+ SYS_psynch_cvsignal
+ SYS_psynch_cvwait
+ SYS_psynch_mutexdrop
+ SYS_psynch_mutexwait
+ SYS_pwrite_nocancel
+ SYS_read
+ SYS_read_nocancel
+ SYS_readlink
+ SYS_recvfrom
+ SYS_recvfrom_nocancel
+ SYS_recvmsg
+ SYS_rename
+ SYS_rmdir
+ SYS_select
+ SYS_select_nocancel
+ SYS_sem_close
+ SYS_sem_open
+ SYS_sendmsg_nocancel
+ SYS_sendto
+ SYS_sendto_nocancel
+ SYS_setattrlistat
+ SYS_setrlimit
+ SYS_setsockopt
+ SYS_setxattr
+ SYS_shared_region_check_np
+ SYS_shm_open
+ SYS_shutdown
+ SYS_sigaction
+ SYS_socket
+ SYS_socketpair
+ SYS_stat64
+ SYS_statfs64
+ SYS_sysctl
+ SYS_sysctlbyname
+ SYS_thread_selfid
+ SYS_ulock_wait
+ SYS_ulock_wake
+ SYS_unlink
+ SYS_workq_kernreturn
+ SYS_workq_open
+ SYS_write
+ SYS_write_nocancel
+ SYS_writev)))
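Review bot: The no-telemetry list exempts several multiplexed entry points (`SYS_ioctl`, `SYS_sysctl`, `SYS_sysctlbyname`, `SYS_proc_info`, `SYS_memorystatus_control`, `SYS___mac_syscall`) whose reach depends on their arguments rather than on the syscall number. Listing them here means the telemetry gives no view of how they are actually used, and a later switch to deny-by-default would still admit them whole. Consider marking them in the profile, e.g. `;; FIXME: ioctl/sysctl/proc_info are allowed by number only; narrow by argument before enforcing.`, and confirm that the operation-level rules elsewhere in this profile (outside the hunk) already constrain them.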