Skip to site navigation (Press enter)

[webkit-changes] [285551] trunk/Source/WebKit

pvollan Tue, 09 Nov 2021 17:40:18 -0800

Title: [285551] trunk/Source/WebKit

Revision: 285551
Author: pvol...@apple.com
Date: 2021-11-09 17:39:23 -0800 (Tue, 09 Nov 2021)

Log Message

[macOS][GPUP] Block access to mapping of executables
https://bugs.webkit.org/show_bug.cgi?id=232257
<rdar://problem/84623297>


Reviewed by Brent Fulgham.

Block access to mapping of certain executables in the GPU process on macOS.

* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in

Diff

Modified: trunk/Source/WebKit/ChangeLog (285550 => 285551)


--- trunk/Source/WebKit/ChangeLog	2021-11-10 01:25:55 UTC (rev 285550)
+++ trunk/Source/WebKit/ChangeLog	2021-11-10 01:39:23 UTC (rev 285551)
@@ -1,3 +1,15 @@
+2021-11-09  Per Arne  <pvol...@apple.com>
+
+        [macOS][GPUP] Block access to mapping of executables
+        https://bugs.webkit.org/show_bug.cgi?id=232257
+        <rdar://problem/84623297>
+
+        Reviewed by Brent Fulgham.
+
+        Block access to mapping of certain executables in the GPU process on macOS.
+
+        * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+
 2021-11-09  Chris Dumez  <cdu...@apple.com>
 
         REGRESSION (Safari 15): AudioContext.currentTime speeds up (and audio won't play) when Bluetooth speaker connected

Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (285550 => 285551)


--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in	2021-11-10 01:25:55 UTC (rev 285550)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in	2021-11-10 01:39:23 UTC (rev 285551)
@@ -58,14 +58,10 @@
     (subpath "/usr/share"))))
 
 ;;; Allow mapping of system frameworks + dylibs
-(allow file-map-executable (with telemetry)
-    (subpath "/Library/Apple/System/Library/Frameworks")
-    (subpath "/Library/Apple/System/Library/PrivateFrameworks")
+(allow file-map-executable
     (subpath "/System/Library/Frameworks")
     (subpath "/System/Library/PrivateFrameworks")
-    (subpath "/usr/lib")
-    (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
-)
+    (subpath "/usr/lib"))
 
 (allow file-read-metadata
     (literal "/var")

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes