Title: [286469] trunk/Source/WebKit
- Revision
- 286469
- Author
- pvol...@apple.com
- Date
- 2021-12-02 17:14:02 -0800 (Thu, 02 Dec 2021)
Log Message
[WP][iOS] Add telemetry to determine which system calls are only used on process launch
https://bugs.webkit.org/show_bug.cgi?id=233649
<rdar://problem/85875930>
Reviewed by Brent Fulgham.
Add telemetry to determine which system calls are only used on WebContent process launch on iOS.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::create):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (286468 => 286469)
--- trunk/Source/WebKit/ChangeLog 2021-12-03 01:03:15 UTC (rev 286468)
+++ trunk/Source/WebKit/ChangeLog 2021-12-03 01:14:02 UTC (rev 286469)
@@ -1,5 +1,19 @@
2021-12-02 Per Arne Vollan <pvol...@apple.com>
+ [WP][iOS] Add telemetry to determine which system calls are only used on process launch
+ https://bugs.webkit.org/show_bug.cgi?id=233649
+ <rdar://problem/85875930>
+
+ Reviewed by Brent Fulgham.
+
+ Add telemetry to determine which system calls are only used on WebContent process launch on iOS.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::create):
+
+2021-12-02 Per Arne Vollan <pvol...@apple.com>
+
[WP] Strengthen sandbox when AppCache is disabled
https://bugs.webkit.org/show_bug.cgi?id=233746
<rdar://problem/85953893>
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (286468 => 286469)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-12-03 01:03:15 UTC (rev 286468)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-12-03 01:14:02 UTC (rev 286469)
@@ -1195,177 +1195,211 @@
(disable-syscall-inference)
+#if HAVE(SANDBOX_STATE_FLAGS)
+(deny user-preference-read (with enable-state-flag "WebContentProcessLaunched")
+ (preference-domain "com.apple.WebKit.WebContent.Launch"))
+#endif
+
+(define (syscall-unix-only-in-use-during-launch)
+ (syscall-number
+ SYS_bsdthread_register
+ SYS_chdir
+ SYS_csops ;; used by Corefoundation initialization
+ SYS_dup2
+ SYS_fileport_makefd
+ SYS_fsgetpath
+ SYS_getegid
+ SYS_getpid
+ SYS_getrlimit
+ SYS_gettid
+ SYS_getuid
+ SYS_ioctl ;; needed by tcgetattr (TIOCGETA - debugging
+ SYS_kdebug_trace_string
+ SYS_kdebug_typefilter
+ SYS_objc_bp_assist_cfg_np
+ SYS_os_fault_with_payload
+ SYS_shared_region_check_np
+ SYS_shm_open
+ SYS_sigaction
+ SYS_sysctl
+ SYS_workq_open
+ SYS_writev))
+
+(define (syscall-unix-in-use-after-launch)
+ (syscall-number
+ SYS___disable_threadsignal
+ SYS___mac_syscall
+ SYS_abort_with_payload ;; <rdar://problem/50967271>
+ SYS_access
+ SYS_bsdthread_create
+ SYS_bsdthread_ctl
+ SYS_bsdthread_terminate
+ SYS_change_fdguard_np
+ SYS_close
+ SYS_close_nocancel
+ SYS_csops_audittoken ;; used by WK to get entitlments
+ SYS_exit
+ SYS_faccessat ;; <rdar://problem/56998930>
+ SYS_fcntl
+ SYS_fcntl_nocancel
+ SYS_fgetattrlist ;; <rdar://problem/50266257>
+ SYS_flock
+ SYS_fsetattrlist ;; MTLCompilerFSCache::openSync
+ SYS_fsetxattr ;; <rdar://problem/49795964>
+ SYS_fstat64
+ SYS_fstat64_extended ;; <rdar://problem/61310019>
+ SYS_fstatfs64
+ SYS_ftruncate
+ SYS_getattrlist ;; xpc_realpath and directory enumeration
+ SYS_getdirentries64
+ SYS_getentropy
+ SYS_geteuid
+ SYS_getfsstat64
+ SYS_getrusage
+ SYS_gettimeofday
+ SYS_guarded_close_np
+ SYS_guarded_open_dprotected_np ; <rdar://problem/48166729>
+ SYS_guarded_open_np
+ SYS_guarded_pwrite_np
+ SYS_issetugid
+ SYS_kdebug_trace64
+ SYS_kevent_id
+ SYS_kevent_qos
+ SYS_kqueue ;; <rdar://problem/49609201>
+ SYS_kqueue_workloop_ctl ;; <rdar://problem/50999499>
+ SYS_listxattr
+ SYS_lseek
+ SYS_lstat64
+ SYS_madvise
+ SYS_memorystatus_control
+ SYS_mkdir
+ SYS_mmap
+ SYS_mprotect
+ SYS_msync
+ SYS_munmap
+ SYS_open
+ SYS_open_nocancel
+ SYS_openat
+ SYS_pathconf
+ SYS_pread
+ SYS_proc_info
+ SYS_psynch_cvbroad
+ SYS_psynch_cvclrprepost
+ SYS_psynch_cvsignal
+ SYS_psynch_cvwait
+ SYS_psynch_mutexdrop
+ SYS_psynch_mutexwait
+ SYS_psynch_rw_rdlock ;; <rdar://problem/51134351>
+ SYS_psynch_rw_unlock
+ SYS_read
+ SYS_read_nocancel
+ SYS_readlink
+ SYS_rename
+ SYS_sem_close
+ SYS_sem_open
+ SYS_shared_region_map_and_slide_2_np ;; <rdar://problem/60294880>
+ SYS_stat64
+ SYS_statfs64
+ SYS_sysctlbyname
+ SYS_thread_selfid
+ SYS_ulock_wait
+ SYS_ulock_wait2 ;; <rdar://problem/58743778>
+ SYS_ulock_wake
+ SYS_workq_kernreturn
+ SYS_write_nocancel))
+
+(define (syscall-unix-rarely-in-use)
+ (syscall-number
+ SYS_fgetxattr
+ SYS_getgid
+ SYS_getxattr
+ SYS_necp_client_action
+ SYS_necp_open
+ SYS_sendto
+ SYS_setrlimit
+ SYS_sigaltstack
+ SYS_socket
+ SYS_thread_selfusage))
+
+(define (syscall-unix-possibly-not-in-use)
+ (syscall-number
+ SYS___pthread_kill
+ SYS___pthread_markcancel
+ SYS___pthread_sigmask
+ SYS___semwait_signal
+ SYS___semwait_signal_nocancel
+ SYS_chmod
+ SYS_connect
+ SYS_connect_nocancel
+ SYS_connectx
+ SYS_csrctl
+ SYS_dup
+ SYS_fchmod
+ SYS_fileport_makeport
+ SYS_fstatat64
+ SYS_fsync
+ SYS_getattrlistbulk ;; xpc_realpath and directory enumeration
+ SYS_getaudit_addr
+ SYS_getpeername
+ SYS_getsockopt ;; used by libwebrtc
+ SYS_kdebug_trace
+ SYS_mkdirat
+ SYS_mlock
+ SYS_mremap_encrypted
+ SYS_munlock
+ SYS_open_dprotected_np
+ SYS_openat_nocancel
+ SYS_persona
+ SYS_pipe
+ SYS_pread_nocancel
+ SYS_proc_rlimit_control
+ SYS_process_policy
+ SYS_psynch_rw_wrlock
+ SYS_pwrite
+ SYS_recvfrom
+ SYS_recvfrom_nocancel
+ SYS_rmdir
+ SYS_select
+ SYS_select_nocancel
+ SYS_sem_post
+ SYS_sem_wait
+ SYS_sendmsg_nocancel
+ SYS_sendto_nocancel
+ SYS_setpriority
+ SYS_setsockopt
+ SYS_shutdown
+ SYS_sigprocmask
+ SYS_sigreturn
+ SYS_socketpair
+ SYS_umask
+ SYS_unlink
+ SYS_work_interval_ctl
+ SYS_write
+ SYS_writev))
+
(when (defined? 'syscall-unix)
(deny syscall-unix (with send-signal SIGKILL))
(allow syscall-unix
- (syscall-number SYS___disable_threadsignal)
- (syscall-number SYS___mac_syscall)
- (syscall-number SYS_abort_with_payload) ;; <rdar://problem/50967271>
- (syscall-number SYS_access)
- (syscall-number SYS_bsdthread_create)
- (syscall-number SYS_bsdthread_ctl)
- (syscall-number SYS_bsdthread_register)
- (syscall-number SYS_bsdthread_terminate)
- (syscall-number SYS_change_fdguard_np)
- (syscall-number SYS_chdir)
- (syscall-number SYS_close)
- (syscall-number SYS_close_nocancel)
- (syscall-number SYS_csops) ;; used by Corefoundation initialization
- (syscall-number SYS_csops_audittoken) ;; used by WK to get entitlments
- (syscall-number SYS_exit)
- (syscall-number SYS_faccessat) ;; <rdar://problem/56998930>
- (syscall-number SYS_fcntl)
- (syscall-number SYS_fcntl_nocancel)
- (syscall-number SYS_fgetattrlist) ;; <rdar://problem/50266257>
- (syscall-number SYS_flock)
- (syscall-number SYS_fsetattrlist) ;; MTLCompilerFSCache::openSync
- (syscall-number SYS_fsetxattr) ;; <rdar://problem/49795964>
- (syscall-number SYS_fsgetpath)
- (syscall-number SYS_fstat64)
- (syscall-number SYS_fstat64_extended) ;; <rdar://problem/61310019>
- (syscall-number SYS_fstatfs64)
- (syscall-number SYS_ftruncate)
- (syscall-number SYS_getattrlist) ;; xpc_realpath and directory enumeration
- (syscall-number SYS_getdirentries64)
- (syscall-number SYS_getegid)
- (syscall-number SYS_getentropy)
- (syscall-number SYS_geteuid)
- (syscall-number SYS_getfsstat64)
- (syscall-number SYS_getpid)
- (syscall-number SYS_getrlimit)
- (syscall-number SYS_getrusage)
- (syscall-number SYS_gettid)
- (syscall-number SYS_gettimeofday)
- (syscall-number SYS_getuid)
- (syscall-number SYS_guarded_close_np)
- (syscall-number SYS_guarded_open_dprotected_np) ; <rdar://problem/48166729>
- (syscall-number SYS_guarded_open_np)
- (syscall-number SYS_guarded_pwrite_np)
- (syscall-number SYS_ioctl) ;; needed by tcgetattr (TIOCGETA) - debugging
- (syscall-number SYS_issetugid)
- (syscall-number SYS_kdebug_trace64)
- (syscall-number SYS_kdebug_typefilter)
- (syscall-number SYS_kevent_id)
- (syscall-number SYS_kevent_qos)
- (syscall-number SYS_kqueue) ;; <rdar://problem/49609201>
- (syscall-number SYS_kqueue_workloop_ctl) ;; <rdar://problem/50999499>
- (syscall-number SYS_listxattr)
- (syscall-number SYS_lseek)
- (syscall-number SYS_lstat64)
- (syscall-number SYS_madvise)
- (syscall-number SYS_memorystatus_control)
- (syscall-number SYS_mkdir)
- (syscall-number SYS_mmap)
- (syscall-number SYS_mprotect)
- (syscall-number SYS_msync)
- (syscall-number SYS_munmap)
- (syscall-number SYS_objc_bp_assist_cfg_np)
- (syscall-number SYS_open)
- (syscall-number SYS_open_nocancel)
- (syscall-number SYS_openat)
- (syscall-number SYS_os_fault_with_payload)
- (syscall-number SYS_pathconf)
- (syscall-number SYS_pread)
- (syscall-number SYS_proc_info)
- (syscall-number SYS_psynch_cvbroad)
- (syscall-number SYS_psynch_cvclrprepost)
- (syscall-number SYS_psynch_cvsignal)
- (syscall-number SYS_psynch_cvwait)
- (syscall-number SYS_psynch_mutexdrop)
- (syscall-number SYS_psynch_mutexwait)
- (syscall-number SYS_psynch_rw_rdlock) ;; <rdar://problem/51134351>
- (syscall-number SYS_psynch_rw_unlock)
- (syscall-number SYS_read)
- (syscall-number SYS_read_nocancel)
- (syscall-number SYS_readlink)
- (syscall-number SYS_rename)
- (syscall-number SYS_sem_close)
- (syscall-number SYS_sem_open)
- (syscall-number SYS_shared_region_check_np)
- (syscall-number SYS_shared_region_map_and_slide_2_np) ;; <rdar://problem/60294880>
- (syscall-number SYS_shm_open)
- (syscall-number SYS_sigaction)
- (syscall-number SYS_stat64)
- (syscall-number SYS_statfs64)
- (syscall-number SYS_sysctl)
- (syscall-number SYS_sysctlbyname)
- (syscall-number SYS_thread_selfid)
- (syscall-number SYS_ulock_wait)
- (syscall-number SYS_ulock_wait2) ;; <rdar://problem/58743778>
- (syscall-number SYS_ulock_wake)
- (syscall-number SYS_workq_kernreturn)
- (syscall-number SYS_workq_open)
- (syscall-number SYS_write_nocancel))
+ (syscall-unix-only-in-use-during-launch)
+ (syscall-unix-in-use-after-launch))
+#if HAVE(SANDBOX_STATE_FLAGS)
+ (with-filter (require-not (state-flag "WebContentProcessLaunched"))
+ (allow syscall-unix
+ (syscall-unix-only-in-use-during-launch)))
+ (with-filter (state-flag "WebContentProcessLaunched")
+ (allow syscall-unix
+ (with report)
+ (with telemetry)
+ (with message "Unix syscall used after launch")
+ (syscall-unix-only-in-use-during-launch)))
+#endif
+
(allow syscall-unix (with telemetry)
- (syscall-number SYS_fgetxattr)
- (syscall-number SYS_getgid)
- (syscall-number SYS_getxattr)
- (syscall-number SYS_necp_client_action)
- (syscall-number SYS_necp_open)
- (syscall-number SYS_sendto)
- (syscall-number SYS_setrlimit)
- (syscall-number SYS_sigaltstack)
- (syscall-number SYS_socket)
- (syscall-number SYS_thread_selfusage)
- )
+ (syscall-unix-rarely-in-use))
(allow syscall-unix (with report) (with telemetry-backtrace)
- (syscall-number SYS___pthread_kill)
- (syscall-number SYS___pthread_markcancel)
- (syscall-number SYS___pthread_sigmask)
- (syscall-number SYS___semwait_signal)
- (syscall-number SYS___semwait_signal_nocancel)
- (syscall-number SYS_chmod)
- (syscall-number SYS_connect)
- (syscall-number SYS_connect_nocancel)
- (syscall-number SYS_connectx)
- (syscall-number SYS_csrctl)
- (syscall-number SYS_dup)
- (syscall-number SYS_dup2)
- (syscall-number SYS_fchmod)
- (syscall-number SYS_fileport_makefd)
- (syscall-number SYS_fileport_makeport)
- (syscall-number SYS_fstatat64)
- (syscall-number SYS_fsync)
- (syscall-number SYS_getattrlistbulk) ;; xpc_realpath and directory enumeration
- (syscall-number SYS_getaudit_addr)
- (syscall-number SYS_getpeername)
- (syscall-number SYS_getsockopt) ;; used by libwebrtc
- (syscall-number SYS_kdebug_trace)
- (syscall-number SYS_mkdirat)
- (syscall-number SYS_mlock)
- (syscall-number SYS_mremap_encrypted)
- (syscall-number SYS_munlock)
- (syscall-number SYS_open_dprotected_np)
- (syscall-number SYS_openat_nocancel)
- (syscall-number SYS_persona)
- (syscall-number SYS_pipe)
- (syscall-number SYS_pread_nocancel)
- (syscall-number SYS_proc_rlimit_control)
- (syscall-number SYS_process_policy)
- (syscall-number SYS_psynch_rw_wrlock)
- (syscall-number SYS_pwrite)
- (syscall-number SYS_recvfrom)
- (syscall-number SYS_recvfrom_nocancel)
- (syscall-number SYS_rmdir)
- (syscall-number SYS_select)
- (syscall-number SYS_select_nocancel)
- (syscall-number SYS_sem_post)
- (syscall-number SYS_sem_wait)
- (syscall-number SYS_sendmsg_nocancel)
- (syscall-number SYS_sendto_nocancel)
- (syscall-number SYS_setpriority)
- (syscall-number SYS_setsockopt)
- (syscall-number SYS_shutdown)
- (syscall-number SYS_sigprocmask)
- (syscall-number SYS_sigreturn)
- (syscall-number SYS_socketpair)
- (syscall-number SYS_umask)
- (syscall-number SYS_unlink)
- (syscall-number SYS_work_interval_ctl)
- (syscall-number SYS_write)
- (syscall-number SYS_writev))
+ (syscall-unix-possibly-not-in-use))
)
(when (defined? 'SYS__map_with_linking_np)
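Review bot: `SYS_writev` appears both in `syscall-unix-only-in-use-during-launch` and in `syscall-unix-possibly-not-in-use`, so assuming the later rule takes precedence, the `(allow syscall-unix (with report) (with telemetry-backtrace) (syscall-unix-possibly-not-in-use))` rule is the one that matches writev and the "Unix syscall used after launch" report will never fire for it; drop it from one of the two lists. Separately, the `WebContentProcessLaunched` flag is only latched by the preference read in the `com.apple.WebKit.WebContent.Launch` domain that WebPage::create issues, so a WebContent process that has not yet created a page (e.g. a prewarmed one) keeps the whole launch-only set — ioctl, sysctl, sigaction, shm_open — allowed indefinitely; this is where the gap will be once these rules are enforced rather than reported, and is worth noting in the profile. The `(with-filter (require-not (state-flag "WebContentProcessLaunched")) (allow syscall-unix ...))` rule is redundant with the unconditional allow of the same set just above it and presumably exists so that entry can be removed once the data is in; a one-line comment saying so would help the next reader. Minor: the ioctl comment lost its closing parenthesis, `;; needed by tcgetattr (TIOCGETA) - debugging`.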
@@ -1500,129 +1534,181 @@
)
)
+(define (syscall-mach-only-in-use-during-launch)
+ (machtrap-number
+ MSC_mach_generate_activity_id
+ MSC_mach_timebase_info_trap
+ MSC_swtch_pri
+ MSC_task_self_trap))
+
+(define (syscall-mach-in-use-after-launch)
+ (machtrap-number
+ MSC__kernelrpc_mach_port_allocate_trap
+ MSC__kernelrpc_mach_port_construct_trap
+ MSC__kernelrpc_mach_port_deallocate_trap
+ MSC__kernelrpc_mach_port_destruct_trap
+ MSC__kernelrpc_mach_port_extract_member_trap
+ MSC__kernelrpc_mach_port_get_attributes_trap
+ MSC__kernelrpc_mach_port_guard_trap
+ MSC__kernelrpc_mach_port_insert_member_trap
+ MSC__kernelrpc_mach_port_insert_right_trap
+ MSC__kernelrpc_mach_port_mod_refs_trap
+ MSC__kernelrpc_mach_port_request_notification_trap
+ MSC__kernelrpc_mach_port_type_trap
+ MSC__kernelrpc_mach_port_unguard_trap
+ MSC__kernelrpc_mach_vm_allocate_trap
+ MSC__kernelrpc_mach_vm_deallocate_trap
+ MSC__kernelrpc_mach_vm_map_trap
+ MSC__kernelrpc_mach_vm_protect_trap
+ MSC__kernelrpc_mach_vm_purgable_control_trap
+ MSC_host_create_mach_voucher_trap
+ MSC_host_self_trap
+ MSC_mach_msg_trap
+ MSC_mach_reply_port
+ MSC_mach_voucher_extract_attr_recipe_trap
+ MSC_mk_timer_arm
+ MSC_mk_timer_cancel
+ MSC_mk_timer_create
+ MSC_mk_timer_destroy
+ MSC_pid_for_task
+ MSC_semaphore_signal_trap
+ MSC_semaphore_timedwait_trap
+ MSC_semaphore_wait_trap
+ MSC_syscall_thread_switch
+ MSC_task_name_for_pid
+ MSC_thread_get_special_reply_port))
+
+(define (syscall-mach-possibly-unused)
+ (machtrap-number
+ MSC_mach_msg_overwrite_trap
+ MSC_mk_timer_arm_leeway
+ MSC_thread_self_trap))
+
(when (defined? 'syscall-mach)
(deny syscall-mach
- (machtrap-number MSC_mach_wait_until)
- )
+ (machtrap-number MSC_mach_wait_until))
+
(deny syscall-mach (with telemetry))
(allow syscall-mach
- (machtrap-number MSC__kernelrpc_mach_port_allocate_trap)
- (machtrap-number MSC__kernelrpc_mach_port_construct_trap)
- (machtrap-number MSC__kernelrpc_mach_port_deallocate_trap)
- (machtrap-number MSC__kernelrpc_mach_port_destruct_trap)
- (machtrap-number MSC__kernelrpc_mach_port_extract_member_trap)
- (machtrap-number MSC__kernelrpc_mach_port_get_attributes_trap)
- (machtrap-number MSC__kernelrpc_mach_port_guard_trap)
- (machtrap-number MSC__kernelrpc_mach_port_insert_member_trap)
- (machtrap-number MSC__kernelrpc_mach_port_insert_right_trap)
- (machtrap-number MSC__kernelrpc_mach_port_mod_refs_trap)
- (machtrap-number MSC__kernelrpc_mach_port_request_notification_trap)
- (machtrap-number MSC__kernelrpc_mach_port_type_trap)
- (machtrap-number MSC__kernelrpc_mach_port_unguard_trap)
- (machtrap-number MSC__kernelrpc_mach_vm_allocate_trap)
- (machtrap-number MSC__kernelrpc_mach_vm_deallocate_trap)
- (machtrap-number MSC__kernelrpc_mach_vm_map_trap)
- (machtrap-number MSC__kernelrpc_mach_vm_protect_trap)
- (machtrap-number MSC__kernelrpc_mach_vm_purgable_control_trap)
- (machtrap-number MSC_host_create_mach_voucher_trap)
- (machtrap-number MSC_host_self_trap)
- (machtrap-number MSC_mach_generate_activity_id)
- (machtrap-number MSC_mach_msg_trap)
- (machtrap-number MSC_mach_reply_port)
- (machtrap-number MSC_mach_timebase_info_trap)
- (machtrap-number MSC_mach_voucher_extract_attr_recipe_trap)
- (machtrap-number MSC_mk_timer_arm)
- (machtrap-number MSC_mk_timer_cancel)
- (machtrap-number MSC_mk_timer_create)
- (machtrap-number MSC_mk_timer_destroy)
- (machtrap-number MSC_pid_for_task)
- (machtrap-number MSC_semaphore_signal_trap)
- (machtrap-number MSC_semaphore_timedwait_trap)
- (machtrap-number MSC_semaphore_wait_trap)
- (machtrap-number MSC_syscall_thread_switch)
- (machtrap-number MSC_task_name_for_pid)
- (machtrap-number MSC_task_self_trap)
- (machtrap-number MSC_thread_get_special_reply_port))
+ (syscall-mach-only-in-use-during-launch)
+ (syscall-mach-in-use-after-launch))
+
(when (defined? 'MSC_mach_msg2_trap)
(allow syscall-mach
- (machtrap-number MSC_mach_msg2_trap)
- )
- )
+ (machtrap-number MSC_mach_msg2_trap)))
+#if HAVE(SANDBOX_STATE_FLAGS)
+ (with-filter (require-not (state-flag "WebContentProcessLaunched"))
+ (allow syscall-mach
+ (syscall-mach-only-in-use-during-launch)))
+ (with-filter (state-flag "WebContentProcessLaunched")
+ (allow syscall-mach
+ (with report)
+ (with telemetry)
+ (with message "Mach syscall used after launch")
+ (syscall-mach-only-in-use-during-launch)))
+#endif
+
(allow syscall-mach (with telemetry-backtrace)
- (machtrap-number MSC_mach_msg_overwrite_trap)
- (machtrap-number MSC_mk_timer_arm_leeway)
- (machtrap-number MSC_swtch_pri)
- (machtrap-number MSC_thread_self_trap))
+ (syscall-mach-possibly-unused))
)
+(define (kernel-mig-routine-only-in-use-during-launch)
+ (kernel-mig-routine
+ host_get_clock_service
+ host_get_special_port
+ host_info
+ io_server_version
+ mach_port_get_context_from_user
+ task_restartable_ranges_register
+ task_set_special_port))
+
+(define (kernel-mig-routine-in-use)
+ (kernel-mig-routine
+ (when (defined? '_mach_make_memory_entry) _mach_make_memory_entry)
+ host_get_io_master
+ io_connect_async_method
+ io_connect_method
+ io_connect_set_notification_port_64
+ io_iterator_next
+ io_registry_entry_from_path
+ io_registry_entry_get_property_bin_buf
+ io_registry_entry_get_property_bytes
+ io_registry_entry_get_registry_entry_id
+ io_service_get_matching_service_bin
+ io_service_get_matching_services_bin
+ io_service_open_extended
+ mach_port_set_attributes
+ mach_vm_copy
+ mach_vm_map_external
+ mach_vm_remap_external
+ semaphore_create
+ semaphore_destroy
+ task_create_identity_token
+ task_get_special_port_from_user
+ task_info_from_user
+ task_restartable_ranges_synchronize
+ thread_get_state_to_user
+ thread_resume
+ thread_set_exception_ports
+ thread_suspend))
+
+(define (kernel-mig-routine-possibly-unused)
+ (kernel-mig-routine
+ clock_get_time
+ host_request_notification
+ io_connect_add_client
+ io_connect_map_memory_into_task
+ (when (defined? 'io_connect_set_notification_port) io_connect_set_notification_port)
+ io_registry_entry_get_parent_iterator
+ io_service_add_notification_bin
+ io_service_add_notification_bin_64
+ io_service_close
+ mach_exception_raise
+ (when (defined? 'mach_make_memory_entry) mach_make_memory_entry)
+ (when (defined? 'mach_make_memory_entry_64) mach_make_memory_entry_64)
+ mach_port_request_notification
+ mach_vm_region
+ mach_vm_region_recurse
+ task_threads_from_user
+ (when (defined? 'vm_copy) vm_copy)
+ (when (defined? 'vm_remap_external) vm_remap_external)))
+
+(define (kernel-mig-routine-rarely-used)
+ (kernel-mig-routine
+ mach_memory_entry_ownership
+ task_set_exc_guard_behavior
+ thread_info
+ thread_policy
+ thread_policy_set))
+
(when (defined? 'mach-kernel-endpoint)
(allow mach-kernel-endpoint
(apply-message-filter
(deny mach-message-send (with telemetry))
- (allow mach-message-send (with telemetry-backtrace) (kernel-mig-routine
- clock_get_time
- host_request_notification
- io_connect_add_client
- io_connect_map_memory_into_task
- (when (defined? 'io_connect_set_notification_port) io_connect_set_notification_port)
- io_registry_entry_get_parent_iterator
- io_service_add_notification_bin
- io_service_add_notification_bin_64
- io_service_close
- mach_exception_raise
- (when (defined? 'mach_make_memory_entry) mach_make_memory_entry)
- (when (defined? 'mach_make_memory_entry_64) mach_make_memory_entry_64)
- mach_port_request_notification
- mach_vm_region
- mach_vm_region_recurse
- task_threads_from_user
- (when (defined? 'vm_copy) vm_copy)
- (when (defined? 'vm_remap_external) vm_remap_external)))
+ (allow mach-message-send (with telemetry-backtrace)
+ (kernel-mig-routine-possibly-unused))
- (allow mach-message-send (with telemetry) (kernel-mig-routine
- mach_memory_entry_ownership
- task_set_exc_guard_behavior
- thread_info
- thread_policy
- thread_policy_set))
+ (allow mach-message-send (with telemetry)
+ (kernel-mig-routine-rarely-used))
- (allow mach-message-send (kernel-mig-routine
- (when (defined? '_mach_make_memory_entry) _mach_make_memory_entry)
- host_get_clock_service
- host_get_io_master
- host_get_special_port
- host_info
- io_connect_async_method
- io_connect_method
- io_connect_set_notification_port_64
- io_iterator_next
- io_registry_entry_from_path
- io_registry_entry_get_property_bin_buf
- io_registry_entry_get_property_bytes
- io_registry_entry_get_registry_entry_id
- io_server_version
- io_service_get_matching_service_bin
- io_service_get_matching_services_bin
- io_service_open_extended
- mach_port_get_context_from_user
- mach_port_set_attributes
- mach_vm_copy
- mach_vm_map_external
- mach_vm_remap_external
- semaphore_create
- semaphore_destroy
- task_create_identity_token
- task_get_special_port_from_user
- task_info_from_user
- task_restartable_ranges_register
- task_restartable_ranges_synchronize
- task_set_special_port
- thread_get_state_to_user
- thread_resume
- thread_set_exception_ports
- thread_suspend))
+ (allow mach-message-send
+ (kernel-mig-routine-only-in-use-during-launch)
+ (kernel-mig-routine-in-use))
+#if HAVE(SANDBOX_STATE_FLAGS)
+;; FIXME: enable this when rdar://85931614 is fixed
+;; (with-filter (require-not (state-flag "WebContentProcessLaunched"))
+;; (allow mach-message-send
+;; (kernel-mig-routine-only-in-use-during-launch)))
+;; (with-filter (state-flag "WebContentProcessLaunched")
+;; (allow mach-message-send
+;; (with report)
+;; (with telemetry)
+;; (with message "kernel mig routine used after launch")
+;; (kernel-mig-routine-only-in-use-during-launch)))
+#endif
+
(when (defined? 'mach_port_is_connection_for_service)
(allow mach-message-send (kernel-mig-routine mach_port_is_connection_for_service))
)
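Review bot: The new `kernel-mig-routine-only-in-use-during-launch` partition gets no validation from this change: its state-flag rules are commented out pending rdar://85931614, so those seven routines are allowed by the plain `(allow mach-message-send ...)` rule with no `report` or `telemetry` modifier, unlike the unix and mach launch-only sets. Until the blocker is fixed, a comment on the define such as `;; Unvalidated: no post-launch telemetry yet, see rdar://85931614` would keep a reader from treating the split as established. That set includes `task_set_special_port` and `host_get_special_port`, which are among the more security-sensitive routines in this profile, so enabling the post-launch reporting for them is worth prioritizing. The `(with-filter (require-not (state-flag "WebContentProcessLaunched")) (allow syscall-mach ...))` rule duplicates the unconditional allow of `syscall-mach-only-in-use-during-launch` just above it and only becomes meaningful once that allow is narrowed.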
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (286468 => 286469)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2021-12-03 01:03:15 UTC (rev 286468)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2021-12-03 01:14:02 UTC (rev 286469)
@@ -446,6 +446,13 @@
Ref<WebPage> WebPage::create(PageIdentifier pageID, WebPageCreationParameters&& parameters)
{
+#if HAVE(SANDBOX_STATE_FLAGS)
+ // This call is not meant to actually read a preference, but is only here to trigger a sandbox rule in the
+ // WebContent process, which will toggle a sandbox variable used to determine if the WebContent process
+ // has finished launching. This call should be replaced with proper API when available.
+ CFPreferencesGetAppIntegerValue(CFSTR("key"), CFSTR("com.apple.WebKit.WebContent.Launch"), nullptr);
+#endif
+
Ref<WebPage> page = adoptRef(*new WebPage(pageID, WTFMove(parameters)));
if (WebProcess::singleton().injectedBundle())