Title: [293733] trunk/Source/WebKit
- Revision
- 293733
- Author
- pvol...@apple.com
- Date
- 2022-05-03 11:25:46 -0700 (Tue, 03 May 2022)
Log Message
[iOS][GPUP] Remove Mach sandbox extensions for non browser clients
https://bugs.webkit.org/show_bug.cgi?id=240008
Reviewed by Geoffrey Garen.
Remove Mach sandbox extensions for clients that are not browsers in the GPU process on iOS. The same set of extensions
has recently been removed from the WebContent process. We also block these in the GPU process' sandbox, so there should
be no change in behavior.
* GPUProcess/GPUProcess.cpp:
(WebKit::GPUProcess::initializeGPUProcess):
* GPUProcess/GPUProcessCreationParameters.cpp:
(WebKit::GPUProcessCreationParameters::encode const):
(WebKit::GPUProcessCreationParameters::decode):
* GPUProcess/GPUProcessCreationParameters.h:
* UIProcess/GPU/GPUProcessProxy.cpp:
(WebKit::GPUProcessProxy::GPUProcessProxy):
(WebKit::nonBrowserServices): Deleted.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (293732 => 293733)
--- trunk/Source/WebKit/ChangeLog 2022-05-03 18:23:32 UTC (rev 293732)
+++ trunk/Source/WebKit/ChangeLog 2022-05-03 18:25:46 UTC (rev 293733)
@@ -1,5 +1,26 @@
2022-05-03 Per Arne Vollan <pvol...@apple.com>
+ [iOS][GPUP] Remove Mach sandbox extensions for non browser clients
+ https://bugs.webkit.org/show_bug.cgi?id=240008
+
+ Reviewed by Geoffrey Garen.
+
+ Remove Mach sandbox extensions for clients that are not browsers in the GPU process on iOS. The same set of extensions
+ has recently been removed from the WebContent process. We also block these in the GPU process' sandbox, so there should
+ be no change in behavior.
+
+ * GPUProcess/GPUProcess.cpp:
+ (WebKit::GPUProcess::initializeGPUProcess):
+ * GPUProcess/GPUProcessCreationParameters.cpp:
+ (WebKit::GPUProcessCreationParameters::encode const):
+ (WebKit::GPUProcessCreationParameters::decode):
+ * GPUProcess/GPUProcessCreationParameters.h:
+ * UIProcess/GPU/GPUProcessProxy.cpp:
+ (WebKit::GPUProcessProxy::GPUProcessProxy):
+ (WebKit::nonBrowserServices): Deleted.
+
+2022-05-03 Per Arne Vollan <pvol...@apple.com>
+
[iOS][WP] Remove obsolete message filter
https://bugs.webkit.org/show_bug.cgi?id=240012
Modified: trunk/Source/WebKit/GPUProcess/GPUProcess.cpp (293732 => 293733)
--- trunk/Source/WebKit/GPUProcess/GPUProcess.cpp 2022-05-03 18:23:32 UTC (rev 293732)
+++ trunk/Source/WebKit/GPUProcess/GPUProcess.cpp 2022-05-03 18:25:46 UTC (rev 293733)
@@ -253,7 +253,6 @@
#if PLATFORM(IOS_FAMILY)
SandboxExtension::consumePermanently(parameters.compilerServiceExtensionHandles);
SandboxExtension::consumePermanently(parameters.dynamicIOKitExtensionHandles);
- SandboxExtension::consumePermanently(parameters.dynamicMachExtensionHandles);
#endif
#if HAVE(CGIMAGESOURCE_WITH_SET_ALLOWABLE_TYPES)
Modified: trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp (293732 => 293733)
--- trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp 2022-05-03 18:23:32 UTC (rev 293732)
+++ trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp 2022-05-03 18:25:46 UTC (rev 293733)
@@ -60,7 +60,6 @@
#if PLATFORM(IOS_FAMILY)
encoder << compilerServiceExtensionHandles;
encoder << dynamicIOKitExtensionHandles;
- encoder << dynamicMachExtensionHandles;
#endif
encoder << applicationVisibleName;
@@ -111,12 +110,6 @@
if (!dynamicIOKitExtensionHandles)
return false;
result.dynamicIOKitExtensionHandles = WTFMove(*dynamicIOKitExtensionHandles);
-
- std::optional<Vector<SandboxExtension::Handle>> dynamicMachExtensionHandles;
- decoder >> dynamicMachExtensionHandles;
- if (!dynamicMachExtensionHandles)
- return false;
- result.dynamicMachExtensionHandles = WTFMove(*dynamicMachExtensionHandles);
#endif
if (!decoder.decode(result.applicationVisibleName))
Modified: trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h (293732 => 293733)
--- trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h 2022-05-03 18:23:32 UTC (rev 293732)
+++ trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h 2022-05-03 18:25:46 UTC (rev 293733)
@@ -60,7 +60,6 @@
#if PLATFORM(IOS_FAMILY)
Vector<SandboxExtension::Handle> compilerServiceExtensionHandles;
Vector<SandboxExtension::Handle> dynamicIOKitExtensionHandles;
- Vector<SandboxExtension::Handle> dynamicMachExtensionHandles;
#endif
String applicationVisibleName;
Modified: trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp (293732 => 293733)
--- trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp 2022-05-03 18:23:32 UTC (rev 293732)
+++ trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp 2022-05-03 18:25:46 UTC (rev 293733)
@@ -81,19 +81,6 @@
}
#endif
-#if PLATFORM(IOS_FAMILY)
-static const Vector<ASCIILiteral>& nonBrowserServices()
-{
- ASSERT(isMainRunLoop());
- static NeverDestroyed services = Vector<ASCIILiteral> {
- "com.apple.iconservices"_s,
- "com.apple.PowerManagement.control"_s,
- "com.apple.frontboard.systemappservices"_s
- };
- return services;
-}
-#endif
-
static WeakPtr<GPUProcessProxy>& singleton()
{
static NeverDestroyed<WeakPtr<GPUProcessProxy>> singleton;
@@ -173,9 +160,6 @@
parameters.compilerServiceExtensionHandles = SandboxExtension::createHandlesForMachLookup(WebCore::agxCompilerServices(), std::nullopt);
parameters.dynamicIOKitExtensionHandles = SandboxExtension::createHandlesForIOKitClassExtensions(WebCore::agxCompilerClasses(), std::nullopt);
}
-
- if (!WebCore::IOSApplication::isMobileSafari())
- parameters.dynamicMachExtensionHandles = SandboxExtension::createHandlesForMachLookup(nonBrowserServices(), std::nullopt);
#endif
platformInitializeGPUProcessParameters(parameters);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes