Title: [294899] trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb.in
- Revision: 294899
- Author: pvol...@apple.com
- Date: 2022-05-26 14:31:26 -0700 (Thu, 26 May 2022)
Log Message
[iOS][GPUP] Block unused system calls
https://bugs.webkit.org/show_bug.cgi?id=240960
<rdar://84826074>
Reviewed by Chris Dumez.
* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb.in:
Canonical link: https://commits.webkit.org/251022@main
Modified Paths
Diff
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb.in (294898 => 294899)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb.in 2022-05-26 21:29:42 UTC (rev 294898)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb.in 2022-05-26 21:31:26 UTC (rev 294899)
@@ -714,12 +714,14 @@
)
(when (defined? 'syscall-unix)
- (allow syscall-unix (with telemetry))
+ (deny syscall-unix (with telemetry))
(allow syscall-unix (syscall-number
SYS___disable_threadsignal
SYS___mac_syscall
SYS___pthread_sigmask
+ SYS___pthread_kill
SYS___semwait_signal
+ SYS_abort_with_payload
SYS_access
SYS_bsdthread_create
SYS_bsdthread_ctl
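Review bot: Changing the first rule to (deny syscall-unix (with telemetry)) turns the syscall-number list below it into the complete allowlist, but neither the profile nor the log message says how the list was validated or why SYS___pthread_kill and SYS_abort_with_payload are needed. A one-line comment above the list naming the code path that requires them would help later maintainers; if it is the abort/crash-reporting path (an assumption on my part), say so. As a style point, SYS___pthread_kill is inserted after SYS___pthread_sigmask, which breaks the otherwise alphabetical order of the list; it belongs one line earlier.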
@@ -804,6 +806,7 @@
SYS_shared_region_check_np
SYS_shm_open
SYS_sigaction
+ SYS_sigprocmask
SYS_socket
SYS_stat64
SYS_statfs64
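Review bot: SYS_sigprocmask is added to the allowlist here without any stated caller, in a change whose title is "Block unused system calls". The list already permits SYS___pthread_sigmask, so the log message should say what in the GPU process needs sigprocmask as well, and should mention that this change extends the allowlist in addition to flipping the default to deny.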
@@ -822,7 +825,7 @@
(allow syscall-unix (syscall-number SYS_map_with_linking_np)))
(when (defined? 'syscall-mach)
- (allow syscall-mach (with telemetry))
+ (deny syscall-mach (with telemetry))
(allow syscall-mach
(machtrap-number
MSC__kernelrpc_mach_port_allocate_trap
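Review bot: The default for syscall-mach flips to deny at the top of this hunk, but unlike the syscall-unix change no machtrap-number entries are added in the visible lines, so any trap missing from the existing list goes from allowed to denied with this revision. Please state in the log message that the reports from the previous (allow syscall-mach (with telemetry)) rule showed no traps outside the list, or add the missing entries in the same change. Because the rule sits inside (when (defined? 'syscall-mach) ...), it would also help to note which OS versions actually receive the new deny default.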
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes