[webkit-changes] [285886] trunk/Source/WebKit

[pvollan]

Title: [285886] trunk/Source/WebKit

Revision

285886

Author

pvol...@apple.com

Date

2021-11-16 14:46:04 -0800 (Tue, 16 Nov 2021)

Log Message

[iOS] Limit graphics related IOKit method filtering
https://bugs.webkit.org/show_bug.cgi?id=233209
<rdar://problem/85473581>

Reviewed by Brent Fulgham.

Limit graphics related IOKit method filtering based on OS version. This patch also adds an entitlement which
will enable a replacement for the disabled filtering.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
* Scripts/process-entitlements.sh:

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in
• trunk/Source/WebKit/Scripts/process-entitlements.sh

Diff

Modified: trunk/Source/WebKit/ChangeLog (285885 => 285886)

--- trunk/Source/WebKit/ChangeLog	2021-11-16 22:32:39 UTC (rev 285885)
+++ trunk/Source/WebKit/ChangeLog	2021-11-16 22:46:04 UTC (rev 285886)
@@ -1,3 +1,17 @@
+2021-11-16  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Limit graphics related IOKit method filtering
+        https://bugs.webkit.org/show_bug.cgi?id=233209
+        <rdar://problem/85473581>
+
+        Reviewed by Brent Fulgham.
+
+        Limit graphics related IOKit method filtering based on OS version. This patch also adds an entitlement which
+        will enable a replacement for the disabled filtering.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+        * Scripts/process-entitlements.sh:
+
 2021-11-16  Myles C. Maxfield  <mmaxfi...@apple.com>
 
         [WebGPU] Start preparing for serializing commands to the GPU process

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (285885 => 285886)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2021-11-16 22:32:39 UTC (rev 285885)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2021-11-16 22:46:04 UTC (rev 285886)
@@ -261,7 +261,7 @@
                     iokit-external-method
                 )
                 (allow iokit-async-external-method
-#if PLATFORM(IOS)
+#if PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED < 160000
                     (iokit-method-number
                         43
                         44
@@ -269,7 +269,7 @@
 #endif
                 )
                 (allow iokit-external-method
-#if PLATFORM(IOS)
+#if PLATFORM(IOS) && __IPHONE_OS_VERSION_MIN_REQUIRED < 160000
                     (iokit-method-number
                         0
                         2

Modified: trunk/Source/WebKit/Scripts/process-entitlements.sh (285885 => 285886)

--- trunk/Source/WebKit/Scripts/process-entitlements.sh	2021-11-16 22:32:39 UTC (rev 285885)
+++ trunk/Source/WebKit/Scripts/process-entitlements.sh	2021-11-16 22:46:04 UTC (rev 285886)
@@ -32,6 +32,10 @@
         then
             plistbuddy add :com.apple.coreaudio.allow-vorbis-decode bool YES
         fi
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 130000 ))
+        then
+            plistbuddy Add :com.apple.private.gpu-restricted bool YES
+        fi
     fi
 
     mac_process_webcontent_or_plugin_entitlements
@@ -61,6 +65,11 @@
             plistbuddy Add :com.apple.security.cs.jit-write-allowlist bool YES
         fi
 
+        if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 130000 ))
+        then
+            plistbuddy Add :com.apple.private.gpu-restricted bool YES
+        fi
+
         plistbuddy Add :com.apple.private.memory.ownership_transfer bool YES
         plistbuddy Add :com.apple.private.webkit.use-xpc-endpoint bool YES
         plistbuddy Add :com.apple.rootless.storage.WebKitGPUSandbox bool YES
@@ -280,6 +289,7 @@
     plistbuddy Add :com.apple.private.allow-explicit-graphics-priority bool YES
     plistbuddy Add :com.apple.private.coremedia.extensions.audiorecording.allow bool YES
     plistbuddy Add :com.apple.private.coremedia.pidinheritance.allow bool YES
+    plistbuddy Add :com.apple.private.gpu-restricted bool YES
     plistbuddy Add :com.apple.private.memorystatus bool YES
     plistbuddy Add :com.apple.private.network.socket-delegate bool YES
     plistbuddy Add :com.apple.private.pac.exception bool YES
@@ -308,6 +318,7 @@
     plistbuddy Add :com.apple.mediaremote.set-playback-state bool YES
     plistbuddy Add :com.apple.private.allow-explicit-graphics-priority bool YES
     plistbuddy Add :com.apple.private.coremedia.extensions.audiorecording.allow bool YES
+    plistbuddy Add :com.apple.private.gpu-restricted bool YES
     plistbuddy Add :com.apple.private.mediaexperience.startrecordinginthebackground.allow bool YES
     plistbuddy Add :com.apple.private.mediaexperience.processassertionaudittokens.allow bool YES
     plistbuddy Add :com.apple.private.coremedia.pidinheritance.allow bool YES

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes