Diff
Modified: trunk/Source/WTF/ChangeLog (293594 => 293595)
--- trunk/Source/WTF/ChangeLog 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WTF/ChangeLog 2022-04-28 23:31:24 UTC (rev 293595)
@@ -1,3 +1,15 @@
+2022-04-28 Per Arne Vollan <pvol...@apple.com>
+
+ Dynamically switch message filter
+ https://bugs.webkit.org/show_bug.cgi?id=238577
+ <rdar://69263324>
+
+ Reviewed by Geoffrey Garen.
+
+ Add SPI to set sandbox state variable.
+
+ * wtf/spi/darwin/SandboxSPI.h:
+
2022-04-28 Yusuke Suzuki <ysuz...@apple.com>
[WTF] Use quadratic-probing instead of double-hashing
Modified: trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h (293594 => 293595)
--- trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WTF/wtf/spi/darwin/SandboxSPI.h 2022-04-28 23:31:24 UTC (rev 293595)
@@ -86,6 +86,8 @@
char *sandbox_extension_issue_iokit_registry_entry_class_to_process(const char *extension_class, const char *registry_entry_class, uint32_t flags, audit_token_t);
char *sandbox_extension_issue_iokit_registry_entry_class(const char *extension_class, const char *registry_entry_class, uint32_t flags);
+bool sandbox_enable_state_flag(const char *varname, audit_token_t);
+
WTF_EXTERN_C_END
#endif // OS(DARWIN)
Modified: trunk/Source/WebKit/ChangeLog (293594 => 293595)
--- trunk/Source/WebKit/ChangeLog 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/ChangeLog 2022-04-28 23:31:24 UTC (rev 293595)
@@ -1,3 +1,64 @@
+2022-04-28 Per Arne Vollan <pvol...@apple.com>
+
+ Dynamically switch message filter
+ https://bugs.webkit.org/show_bug.cgi?id=238577
+ <rdar://69263324>
+
+ Reviewed by Geoffrey Garen.
+
+ Use a sandbox state variable to dynamically switch the bootstrap filter in the WebContent process' sandbox.
+ During launch of the WebContent process, we use a more permissive bootstrap filter to allow creating Mach
+ connections in this time frame. After the WebContent process has launched, we switch to a blocking filter,
+ which will essentially block access to launchd. The bootstrap filter is being switched back to the more
+ permissive version when we create new Mach sandbox extensions for the WebContent process. This is done on
+ a case by case basis, by adding a new parameter to control this behavior when creating Mach sandbox
+ extensions. While launching the WebContent process there is usually no need to specify that the permissive
+ bootstrap filter is needed, since we are already using the permissive filter during launch time. However,
+ for some Mach extensions that will only result in a new XPC connection in the WebContent process after launch,
+ we need to specify that the permissive filter is requried. Otherwise, creating the new XPC connection after
+ launch will fail. For Mach sandbox extensions created after launch of the WebContent process, we always need
+ to use the permissive bootstrap filter to be able to create the XPC connection. Enabling the permissive
+ bootstrap filter requires the audit token to be available, which means we need to pass the audit token when
+ creating the new Mach sandbox extensions. This patch also waits until after the Web page has been created to
+ set the sandbox variable which indicates that the WebContent process has launched. Without this last change,
+ the bootstrap filter would have needed switching when creating the Web page, since creating the WebPage will
+ consume and revoke some mach extensions.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+ * Scripts/process-entitlements.sh:
+ * Shared/Cocoa/SandboxExtensionCocoa.mm:
+ (WebKit::SandboxExtension::createHandleForMachLookup):
+ (WebKit::SandboxExtension::createHandlesForMachLookup):
+ * Shared/Sandbox/SandboxStateVariables.h: Added.
+ * Shared/SandboxExtension.h:
+ * UIProcess/Cocoa/WebPageProxyCocoa.mm:
+ (WebKit::WebPageProxy::addPlatformLoadParameters):
+ (WebKit::WebPageProxy::grantAccessToAssetServices):
+ (WebKit::WebPageProxy::switchFromStaticFontRegistryToUserFontRegistry):
+ (WebKit::WebPageProxy::fontdMachExtensionHandle):
+ * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+ (WebKit::WebProcessPool::registerNotificationObservers):
+ * UIProcess/Cocoa/WebProcessProxyCocoa.mm:
+ (WebKit::WebProcessProxy::unblockAccessibilityServerIfNeeded):
+ (WebKit::WebProcessProxy::messageSourceIsValidWebContentProcess):
+ (WebKit::WebProcessProxy::auditToken const):
+ * UIProcess/SpeechRecognitionRemoteRealtimeMediaSourceManager.cpp:
+ (WebKit::SpeechRecognitionRemoteRealtimeMediaSourceManager::addSource):
+ * UIProcess/UserMediaPermissionRequestManagerProxy.cpp:
+ (WebKit::UserMediaPermissionRequestManagerProxy::finishGrantingRequest):
+ * UIProcess/UserMediaProcessManager.cpp:
+ (WebKit::UserMediaProcessManager::willCreateMediaStream):
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::processNextQueuedMouseEvent):
+ (WebKit::WebPageProxy::didChooseFilesForOpenPanelWithDisplayStringAndIcon):
+ (WebKit::WebPageProxy::creationParameters):
+ * UIProcess/WebPageProxy.h:
+ * UIProcess/WebProcessProxy.h:
+ * WebKit.xcodeproj/project.pbxproj:
+ * WebProcess/WebPage/WebPage.cpp:
+ (WebKit::WebPage::create):
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2022-04-28 Alex Christensen <achristen...@webkit.org>
Set top origin of CORS preflight requests
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (293594 => 293595)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2022-04-28 23:31:24 UTC (rev 293595)
@@ -1450,40 +1450,32 @@
)
(define-once (mach-bootstrap-message-numbers)
- (message-number
- 206
- 207
- 711
- 712
- 718
- 800
- 802
- 803
- 804
- 805
- )
-)
+ (message-number 206 207 711 712 718 800 802 803 804 805 904))
-(if (defined? '*sbpl-version*)
+(define (allow-mach-bootstrap-with-filter)
(allow mach-bootstrap
(apply-message-filter
(deny mach-message-send (with telemetry))
(allow mach-message-send
- (mach-bootstrap-message-numbers)
- )
- )
- )
-;; else
+ (mach-bootstrap-message-numbers)))))
+
+#if HAVE(SANDBOX_STATE_FLAGS)
+(if (require-ancestor-with-entitlement "com.apple.private.security.enable-state-flags")
(allow mach-bootstrap
(apply-message-filter
- (deny xpc-message-send (with telemetry))
- (allow xpc-message-send
- (mach-bootstrap-message-numbers)
- )
- )
- )
-)
+ (allow mach-message-send (with telemetry-backtrace))))
+;; else
+ (allow-mach-bootstrap-with-filter))
+(with-filter
+ (require-any
+ (require-not (state-flag "WebContentProcessLaunched"))
+ (state-flag "EnableMachBootstrap"))
+ (allow-mach-bootstrap-with-filter))
+#else
+(allow-mach-bootstrap-with-filter)
+#endif
+
(define (syscall-mach-only-in-use-during-launch)
(machtrap-number
MSC_mach_generate_activity_id
Modified: trunk/Source/WebKit/Scripts/process-entitlements.sh (293594 => 293595)
--- trunk/Source/WebKit/Scripts/process-entitlements.sh 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/Scripts/process-entitlements.sh 2022-04-28 23:31:24 UTC (rev 293595)
@@ -197,6 +197,12 @@
plistbuddy Add :com.apple.security.cs.single-jit bool YES
fi
+ if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 130000 ))
+ then
+ plistbuddy Add :com.apple.private.security.mutable-state-flags array
+ plistbuddy Add :com.apple.private.security.mutable-state-flags:0 string EnableMachBootstrap
+ fi
+
if [[ "${WK_WEBCONTENT_SERVICE_NEEDS_XPC_DOMAIN_EXTENSION_ENTITLEMENT}" == YES ]]
then
plistbuddy Add :com.apple.private.xpc.domain-extension bool YES
@@ -344,6 +350,8 @@
plistbuddy Add :com.apple.private.pac.exception bool YES
plistbuddy Add :com.apple.private.verified-jit bool YES
plistbuddy Add :com.apple.private.security.message-filter bool YES
+ plistbuddy Add :com.apple.private.security.mutable-state-flags array
+ plistbuddy Add :com.apple.private.security.mutable-state-flags:0 string EnableMachBootstrap
plistbuddy Add :com.apple.private.webinspector.allow-remote-inspection bool YES
plistbuddy Add :com.apple.private.webinspector.proxy-application bool YES
plistbuddy Add :com.apple.private.webkit.use-xpc-endpoint bool YES
Modified: trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm (293594 => 293595)
--- trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm 2022-04-28 23:31:24 UTC (rev 293595)
@@ -38,6 +38,10 @@
#import <wtf/spi/darwin/SandboxSPI.h>
#import <wtf/text/CString.h>
+#if HAVE(SANDBOX_STATE_FLAGS)
+#include "SandboxStateVariables.h"
+#endif
+
namespace WebKit {
class SandboxExtensionImpl {
@@ -316,8 +320,9 @@
return WTFMove(handle);
}
-auto SandboxExtension::createHandleForMachLookup(ASCIILiteral service, std::optional<audit_token_t> auditToken, OptionSet<Flags> flags) -> std::optional<Handle>
+auto SandboxExtension::createHandleForMachLookup(ASCIILiteral service, std::optional<audit_token_t> auditToken, MachBootstrapOptions machBootstrapOptions, OptionSet<Flags> flags) -> std::optional<Handle>
{
+ UNUSED_PARAM(machBootstrapOptions);
Handle handle;
ASSERT(!handle.m_sandboxExtension);
@@ -327,21 +332,30 @@
return std::nullopt;
}
+#if HAVE(SANDBOX_STATE_FLAGS)
+ // When launchd is blocked in the sandbox, we need to manually enable bootstrapping of new XPC connectons.
+ // This is done by unblocking launchd, since launchd access is required when creating Mach connections.
+ // Unblocking launchd is done by enabling a sandbox state variable.
+ // In the initial version of this change, Mach bootstrap'ing is enabled unconditionally.
+ if (auditToken)
+ sandbox_enable_state_flag(ENABLE_MACH_BOOTSTRAP, *auditToken);
+#endif
+
return WTFMove(handle);
}
-auto SandboxExtension::createHandlesForMachLookup(Span<const ASCIILiteral> services, std::optional<audit_token_t> auditToken, OptionSet<Flags> flags) -> Vector<Handle>
+auto SandboxExtension::createHandlesForMachLookup(Span<const ASCIILiteral> services, std::optional<audit_token_t> auditToken, MachBootstrapOptions machBootstrapOptions, OptionSet<Flags> flags) -> Vector<Handle>
{
- return createHandlesForResources(services, [auditToken, flags] (ASCIILiteral service) -> std::optional<Handle> {
- auto handle = createHandleForMachLookup(service, auditToken, flags);
+ return createHandlesForResources(services, [auditToken, machBootstrapOptions, flags] (ASCIILiteral service) -> std::optional<Handle> {
+ auto handle = createHandleForMachLookup(service, auditToken, machBootstrapOptions, flags);
ASSERT(handle);
return handle;
});
}
-auto SandboxExtension::createHandlesForMachLookup(std::initializer_list<const ASCIILiteral> services, std::optional<audit_token_t> auditToken, OptionSet<Flags> flags) -> Vector<Handle>
+auto SandboxExtension::createHandlesForMachLookup(std::initializer_list<const ASCIILiteral> services, std::optional<audit_token_t> auditToken, MachBootstrapOptions machBootstrapOptions, OptionSet<Flags> flags) -> Vector<Handle>
{
- return createHandlesForMachLookup(Span { services.begin(), services.size() }, auditToken, flags);
+ return createHandlesForMachLookup(Span { services.begin(), services.size() }, auditToken, machBootstrapOptions, flags);
}
auto SandboxExtension::createHandleForReadByAuditToken(StringView path, audit_token_t auditToken) -> std::optional<Handle>
Added: trunk/Source/WebKit/Shared/Sandbox/SandboxStateVariables.h (0 => 293595)
--- trunk/Source/WebKit/Shared/Sandbox/SandboxStateVariables.h (rev 0)
+++ trunk/Source/WebKit/Shared/Sandbox/SandboxStateVariables.h 2022-04-28 23:31:24 UTC (rev 293595)
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2022 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#pragma once
+
+#define ENABLE_MACH_BOOTSTRAP "EnableMachBootstrap"
Modified: trunk/Source/WebKit/Shared/SandboxExtension.h (293594 => 293595)
--- trunk/Source/WebKit/Shared/SandboxExtension.h 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/Shared/SandboxExtension.h 2022-04-28 23:31:24 UTC (rev 293595)
@@ -59,7 +59,12 @@
NoReport,
DoNotCanonicalize,
};
-
+
+ enum class MachBootstrapOptions : uint8_t {
+ DoNotEnableMachBootstrap,
+ EnableMachBootstrap
+ };
+
class Handle {
WTF_MAKE_NONCOPYABLE(Handle);
public:
@@ -91,9 +96,9 @@
static std::optional<std::pair<Handle, String>> createHandleForTemporaryFile(StringView prefix, Type);
static std::optional<Handle> createHandleForGenericExtension(ASCIILiteral extensionClass);
#if HAVE(AUDIT_TOKEN)
- static std::optional<Handle> createHandleForMachLookup(ASCIILiteral service, std::optional<audit_token_t>, OptionSet<Flags> = Flags::Default);
- static Vector<Handle> createHandlesForMachLookup(Span<const ASCIILiteral> services, std::optional<audit_token_t>, OptionSet<Flags> = Flags::Default);
- static Vector<Handle> createHandlesForMachLookup(std::initializer_list<const ASCIILiteral> services, std::optional<audit_token_t>, OptionSet<Flags> = Flags::Default);
+ static std::optional<Handle> createHandleForMachLookup(ASCIILiteral service, std::optional<audit_token_t>, MachBootstrapOptions = MachBootstrapOptions::DoNotEnableMachBootstrap, OptionSet<Flags> = Flags::Default);
+ static Vector<Handle> createHandlesForMachLookup(Span<const ASCIILiteral> services, std::optional<audit_token_t>, MachBootstrapOptions = MachBootstrapOptions::DoNotEnableMachBootstrap, OptionSet<Flags> = Flags::Default);
+ static Vector<Handle> createHandlesForMachLookup(std::initializer_list<const ASCIILiteral> services, std::optional<audit_token_t>, MachBootstrapOptions = MachBootstrapOptions::DoNotEnableMachBootstrap, OptionSet<Flags> = Flags::Default);
static std::optional<Handle> createHandleForReadByAuditToken(StringView path, audit_token_t);
static std::optional<Handle> createHandleForIOKitClassExtension(ASCIILiteral iokitClass, std::optional<audit_token_t>, OptionSet<Flags> = Flags::Default);
static Vector<Handle> createHandlesForIOKitClassExtensions(Span<const ASCIILiteral> iokitClasses, std::optional<audit_token_t>, OptionSet<Flags> = Flags::Default);
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm (293594 => 293595)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm 2022-04-28 23:31:24 UTC (rev 293595)
@@ -201,11 +201,12 @@
#if !ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
loadParameters.networkExtensionSandboxExtensionHandles = createNetworkExtensionsSandboxExtensions(process);
#if PLATFORM(IOS)
+ auto auditToken = process.auditToken();
if (!process.hasManagedSessionSandboxAccess() && [getWebFilterEvaluatorClass() isManagedSession]) {
- if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI"_s, std::nullopt))
+ if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.uikit.viewservice.com.apple.WebContentFilter.remoteUI"_s, auditToken, SandboxExtension::MachBootstrapOptions::EnableMachBootstrap))
loadParameters.contentFilterExtensionHandle = WTFMove(*handle);
- if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.frontboard.systemappservices"_s, std::nullopt))
+ if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.frontboard.systemappservices"_s, auditToken, SandboxExtension::MachBootstrapOptions::EnableMachBootstrap))
loadParameters.frontboardServiceExtensionHandle = WTFMove(*handle);
process.markHasManagedSessionSandboxAccess();
@@ -841,7 +842,7 @@
void WebPageProxy::grantAccessToAssetServices()
{
SandboxExtension::Handle mobileAssetHandleV2;
- if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.mobileassetd.v2"_s, std::nullopt))
+ if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.mobileassetd.v2"_s, process().auditToken(), SandboxExtension::MachBootstrapOptions::EnableMachBootstrap))
mobileAssetHandleV2 = WTFMove(*handle);
process().send(Messages::WebProcess::GrantAccessToAssetServices(mobileAssetHandleV2), 0);
}
@@ -853,13 +854,13 @@
void WebPageProxy::switchFromStaticFontRegistryToUserFontRegistry()
{
- process().send(Messages::WebProcess::SwitchFromStaticFontRegistryToUserFontRegistry(fontdMachExtensionHandle()), 0);
+ process().send(Messages::WebProcess::SwitchFromStaticFontRegistryToUserFontRegistry(fontdMachExtensionHandle(SandboxExtension::MachBootstrapOptions::EnableMachBootstrap)), 0);
}
-SandboxExtension::Handle WebPageProxy::fontdMachExtensionHandle()
+SandboxExtension::Handle WebPageProxy::fontdMachExtensionHandle(SandboxExtension::MachBootstrapOptions machBootstrapOptions)
{
SandboxExtension::Handle fontMachExtensionHandle;
- if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.fonts"_s, std::nullopt))
+ if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.fonts"_s, process().auditToken(), machBootstrapOptions))
fontMachExtensionHandle = WTFMove(*handle);
return fontMachExtensionHandle;
}
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (293594 => 293595)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm 2022-04-28 23:31:24 UTC (rev 293595)
@@ -716,14 +716,21 @@
int notifyToken;
notify_register_dispatch(message, ¬ifyToken, dispatch_get_main_queue(), ^(int token) {
RELEASE_LOG(Notifications, "OpenDirectory invalidated cache");
+#if ENABLE(GPU_PROCESS)
auto handle = SandboxExtension::createHandleForMachLookup("com.apple.system.opendirectoryd.libinfo"_s, std::nullopt);
if (!handle)
return;
-#if ENABLE(GPU_PROCESS)
if (auto* gpuProcess = GPUProcessProxy::singletonIfCreated())
gpuProcess->send(Messages::GPUProcess::OpenDirectoryCacheInvalidated(*handle), 0);
#endif
- sendToAllProcesses(Messages::WebProcess::OpenDirectoryCacheInvalidated(*handle));
+ for (auto& process : m_processes) {
+ if (!process->canSendMessage())
+ continue;
+ auto handle = SandboxExtension::createHandleForMachLookup("com.apple.system.opendirectoryd.libinfo"_s, process->auditToken(), SandboxExtension::MachBootstrapOptions::EnableMachBootstrap);
+ if (!handle)
+ continue;
+ process->send(Messages::WebProcess::OpenDirectoryCacheInvalidated(*handle), 0);
+ }
});
m_openDirectoryNotifyTokens.append(notifyToken);
}
Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm (293594 => 293595)
--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessProxyCocoa.mm 2022-04-28 23:31:24 UTC (rev 293595)
@@ -248,7 +248,7 @@
Vector<SandboxExtension::Handle> handleArray;
#if PLATFORM(IOS_FAMILY)
- handleArray = SandboxExtension::createHandlesForMachLookup({ "com.apple.iphone.axserver-systemwide"_s, "com.apple.frontboard.systemappservices"_s }, connection() ? connection()->getAuditToken() : std::nullopt);
+ handleArray = SandboxExtension::createHandlesForMachLookup({ "com.apple.iphone.axserver-systemwide"_s, "com.apple.frontboard.systemappservices"_s }, auditToken(), SandboxExtension::MachBootstrapOptions::EnableMachBootstrap);
ASSERT(handleArray.size() == 2);
#endif
@@ -325,4 +325,12 @@
return true;
}
+std::optional<audit_token_t> WebProcessProxy::auditToken() const
+{
+ if (!hasConnection())
+ return std::nullopt;
+
+ return connection()->getAuditToken();
}
+
+}
Modified: trunk/Source/WebKit/UIProcess/SpeechRecognitionRemoteRealtimeMediaSourceManager.cpp (293594 => 293595)
--- trunk/Source/WebKit/UIProcess/SpeechRecognitionRemoteRealtimeMediaSourceManager.cpp 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/UIProcess/SpeechRecognitionRemoteRealtimeMediaSourceManager.cpp 2022-04-28 23:31:24 UTC (rev 293595)
@@ -49,7 +49,7 @@
m_sourcesNeedingSandboxExtension.add(identifier);
if (m_sourcesNeedingSandboxExtension.size() == 1) {
SandboxExtension::Handle handleForTCCD;
- if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.tccd"_s, m_connection->getAuditToken()))
+ if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.tccd"_s, m_connection->getAuditToken(), SandboxExtension::MachBootstrapOptions::EnableMachBootstrap))
handleForTCCD = WTFMove(*handle);
SandboxExtension::Handle handleForMicrophone;
if (auto handle = SandboxExtension::createHandleForGenericExtension("com.apple.webkit.microphone"_s))
Modified: trunk/Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.cpp (293594 => 293595)
--- trunk/Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.cpp 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/UIProcess/UserMediaPermissionRequestManagerProxy.cpp 2022-04-28 23:31:24 UTC (rev 293595)
@@ -291,7 +291,7 @@
SandboxExtension::Handle handle;
#if PLATFORM(COCOA)
if (!m_hasCreatedSandboxExtensionForTCCD && doesPageNeedTCCD(m_page)) {
- if (auto createdHandle = SandboxExtension::createHandleForMachLookup("com.apple.tccd"_s, m_page.process().connection()->getAuditToken()))
+ if (auto createdHandle = SandboxExtension::createHandleForMachLookup("com.apple.tccd"_s, m_page.process().auditToken(), SandboxExtension::MachBootstrapOptions::EnableMachBootstrap))
handle = WTFMove(*createdHandle);
m_hasCreatedSandboxExtensionForTCCD = true;
}
Modified: trunk/Source/WebKit/UIProcess/UserMediaProcessManager.cpp (293594 => 293595)
--- trunk/Source/WebKit/UIProcess/UserMediaProcessManager.cpp 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/UIProcess/UserMediaProcessManager.cpp 2022-04-28 23:31:24 UTC (rev 293595)
@@ -114,13 +114,14 @@
}
}
+ auto auditToken = process.auditToken();
if (needsAppleCameraSandboxExtension) {
- if (auto handle = SandboxExtension::createHandleForMachLookup(appleCameraServicePath, std::nullopt)) {
+ if (auto handle = SandboxExtension::createHandleForMachLookup(appleCameraServicePath, auditToken, SandboxExtension::MachBootstrapOptions::EnableMachBootstrap)) {
handles[--extensionCount] = WTFMove(*handle);
ids.uncheckedAppend(appleCameraServicePath);
}
#if HAVE(ADDITIONAL_APPLE_CAMERA_SERVICE)
- if (auto handle = SandboxExtension::createHandleForMachLookup(additionalAppleCameraServicePath, std::nullopt)) {
+ if (auto handle = SandboxExtension::createHandleForMachLookup(additionalAppleCameraServicePath, auditToken, SandboxExtension::MachBootstrapOptions::EnableMachBootstrap)) {
handles[--extensionCount] = WTFMove(*handle);
ids.uncheckedAppend(additionalAppleCameraServicePath);
}
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (293594 => 293595)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2022-04-28 23:31:24 UTC (rev 293595)
@@ -2888,9 +2888,9 @@
#if PLATFORM(MAC)
bool eventMayStartDrag = !m_currentDragOperation && eventType == WebEvent::MouseMove && event.button() != WebMouseEvent::Button::NoButton;
if (eventMayStartDrag)
- sandboxExtensions = SandboxExtension::createHandlesForMachLookup({ "com.apple.iconservices"_s, "com.apple.iconservices.store"_s }, std::nullopt);
+ sandboxExtensions = SandboxExtension::createHandlesForMachLookup({ "com.apple.iconservices"_s, "com.apple.iconservices.store"_s }, process().auditToken(), SandboxExtension::MachBootstrapOptions::EnableMachBootstrap);
#endif
-
+
LOG(MouseHandling, "UIProcess: sent mouse event %s (queue size %zu)", webMouseEventTypeString(eventType), m_mouseEventQueue.size());
send(Messages::WebPage::MouseEvent(event, sandboxExtensions));
}
@@ -7261,11 +7261,12 @@
#endif
SandboxExtension::Handle frontboardServicesSandboxExtension, iconServicesSandboxExtension;
+ auto auditToken = m_process->auditToken();
#if HAVE(FRONTBOARD_SYSTEM_APP_SERVICES)
- if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.frontboard.systemappservices"_s, std::nullopt))
+ if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.frontboard.systemappservices"_s, auditToken, SandboxExtension::MachBootstrapOptions::EnableMachBootstrap))
frontboardServicesSandboxExtension = WTFMove(*handle);
#endif
- if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.iconservices"_s, std::nullopt))
+ if (auto handle = SandboxExtension::createHandleForMachLookup("com.apple.iconservices"_s, auditToken, SandboxExtension::MachBootstrapOptions::EnableMachBootstrap))
iconServicesSandboxExtension = WTFMove(*handle);
send(Messages::WebPage::DidChooseFilesForOpenPanelWithDisplayStringAndIcon(fileURLs, displayString, iconData ? iconData->dataReference() : IPC::DataReference(), frontboardServicesSandboxExtension, iconServicesSandboxExtension));
@@ -8394,7 +8395,7 @@
#endif
#if HAVE(STATIC_FONT_REGISTRY)
if (preferences().shouldAllowUserInstalledFonts())
- parameters.fontMachExtensionHandle = fontdMachExtensionHandle();
+ parameters.fontMachExtensionHandle = fontdMachExtensionHandle(SandboxExtension::MachBootstrapOptions::DoNotEnableMachBootstrap);
#endif
#if HAVE(APP_ACCENT_COLORS)
parameters.accentColor = pageClient().accentColor();
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.h (293594 => 293595)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.h 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.h 2022-04-28 23:31:24 UTC (rev 293595)
@@ -2651,7 +2651,7 @@
static Vector<SandboxExtension::Handle> createNetworkExtensionsSandboxExtensions(WebProcessProxy&);
#endif
- static SandboxExtension::Handle fontdMachExtensionHandle();
+ SandboxExtension::Handle fontdMachExtensionHandle(SandboxExtension::MachBootstrapOptions);
void didUpdateEditorState(const EditorState& oldEditorState, const EditorState& newEditorState);
Modified: trunk/Source/WebKit/UIProcess/WebProcessProxy.h (293594 => 293595)
--- trunk/Source/WebKit/UIProcess/WebProcessProxy.h 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/UIProcess/WebProcessProxy.h 2022-04-28 23:31:24 UTC (rev 293595)
@@ -433,6 +433,10 @@
WebCore::CrossOriginMode crossOriginMode() const { return m_crossOriginMode; }
CaptivePortalMode captivePortalMode() const { return m_captivePortalMode; }
+#if PLATFORM(COCOA)
+ std::optional<audit_token_t> auditToken() const;
+#endif
+
protected:
WebProcessProxy(WebProcessPool&, WebsiteDataStore*, IsPrewarmed, WebCore::CrossOriginMode, CaptivePortalMode);
Modified: trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj (293594 => 293595)
--- trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/WebKit.xcodeproj/project.pbxproj 2022-04-28 23:31:24 UTC (rev 293595)
@@ -2271,6 +2271,8 @@
E1D26A53175964D90095BFD1 /* WebContentProcess.xib in Resources */ = {isa = PBXBuildFile; fileRef = E1D26A4C1759634E0095BFD1 /* WebContentProcess.xib */; };
E1E552C516AE065F004ED653 /* SandboxInitializationParameters.h in Headers */ = {isa = PBXBuildFile; fileRef = E1E552C316AE065E004ED653 /* SandboxInitializationParameters.h */; };
E1EE53E311F8CFC000CCBEE4 /* InjectedBundlePageEditorClient.h in Headers */ = {isa = PBXBuildFile; fileRef = E1EE53DC11F8CF9F00CCBEE4 /* InjectedBundlePageEditorClient.h */; };
+ E36FF00327F36FBD004BE21A /* SandboxStateVariables.h in Headers */ = {isa = PBXBuildFile; fileRef = E36FF00127F36FBD004BE21A /* SandboxStateVariables.h */; };
+ E36FF00427F36FBD004BE21A /* preferences.sb in Resources */ = {isa = PBXBuildFile; fileRef = E36FF00227F36FBD004BE21A /* preferences.sb */; };
E3816B3D27E2463A005EAFC0 /* WebMockContentFilterManager.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E3816B3B27E24639005EAFC0 /* WebMockContentFilterManager.cpp */; };
E3816B3E27E2463A005EAFC0 /* WebMockContentFilterManager.h in Headers */ = {isa = PBXBuildFile; fileRef = E3816B3C27E24639005EAFC0 /* WebMockContentFilterManager.h */; };
E3866AE52397400400F88FE9 /* WebDeviceOrientationUpdateProviderProxy.mm in Sources */ = {isa = PBXBuildFile; fileRef = E3866AE42397400400F88FE9 /* WebDeviceOrientationUpdateProviderProxy.mm */; };
@@ -7100,9 +7102,10 @@
E3439B632345463A0011DE0B /* NetworkProcessConnectionInfo.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; name = NetworkProcessConnectionInfo.h; path = Network/NetworkProcessConnectionInfo.h; sourceTree = "<group>"; };
E34B110C27C46BC6006D2F2E /* libWebCoreTestShim.dylib */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.dylib"; path = libWebCoreTestShim.dylib; sourceTree = BUILT_PRODUCTS_DIR; };
E34B110F27C46D09006D2F2E /* libWebCoreTestSupport.dylib */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.dylib"; path = libWebCoreTestSupport.dylib; sourceTree = BUILT_PRODUCTS_DIR; };
- E3612FF026F90862007B1175 /* Sandbox */ = {isa = PBXFileReference; lastKnownFileType = folder; path = Sandbox; sourceTree = "<group>"; };
E36D701A27B709ED006531B7 /* WebAttachmentElementClient.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = WebAttachmentElementClient.h; sourceTree = "<group>"; };
E36D701D27B718EF006531B7 /* WebAttachmentElementClient.cpp */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.cpp; path = WebAttachmentElementClient.cpp; sourceTree = "<group>"; };
+ E36FF00127F36FBD004BE21A /* SandboxStateVariables.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = SandboxStateVariables.h; sourceTree = "<group>"; };
+ E36FF00227F36FBD004BE21A /* preferences.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = preferences.sb; sourceTree = "<group>"; };
E3816B3B27E24639005EAFC0 /* WebMockContentFilterManager.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebMockContentFilterManager.cpp; path = Network/WebMockContentFilterManager.cpp; sourceTree = "<group>"; };
E3816B3C27E24639005EAFC0 /* WebMockContentFilterManager.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = WebMockContentFilterManager.h; path = Network/WebMockContentFilterManager.h; sourceTree = "<group>"; };
E3866AE42397400400F88FE9 /* WebDeviceOrientationUpdateProviderProxy.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = WebDeviceOrientationUpdateProviderProxy.mm; path = ios/WebDeviceOrientationUpdateProviderProxy.mm; sourceTree = "<group>"; };
@@ -7888,7 +7891,7 @@
BC111B5A112F628200337BAB /* mac */,
51AF1B3D271F46A6001538E6 /* Notifications */,
2D2E04761F5BEC4F00BB25ED /* RemoteLayerTree */,
- E3612FF026F90862007B1175 /* Sandbox */,
+ E36FEFFE27F36F34004BE21A /* Sandbox */,
1CB74645274379F100F19874 /* WebGPU */,
1ABF43781A368035003FB0E6 /* WebsiteData */,
118502602673B0DA00A6425E /* XR */,
@@ -13700,6 +13703,15 @@
name = PDF;
sourceTree = "<group>";
};
+ E36FEFFE27F36F34004BE21A /* Sandbox */ = {
+ isa = PBXGroup;
+ children = (
+ E36FF00227F36FBD004BE21A /* preferences.sb */,
+ E36FF00127F36FBD004BE21A /* SandboxStateVariables.h */,
+ );
+ path = Sandbox;
+ sourceTree = "<group>";
+ };
E404906F21DE65D70037F0DB /* mac */ = {
isa = PBXGroup;
children = (
@@ -14000,13 +14012,7 @@
2DD9EB2D1A6F012500BB1267 /* APINavigationClient.h in Headers */,
BCF69FA21176D01400471A52 /* APINavigationData.h in Headers */,
2DF9EEEE1A786EAD00B6CFBE /* APINavigationResponse.h in Headers */,
- DD4DB788280F9471001700D4 /* EnterFullscreen.js in Headers */,
- DD4DB789280F9471001700D4 /* FindNodes.js in Headers */,
- DD4DB78A280F9471001700D4 /* FormElementClear.js in Headers */,
- DD4DB78B280F9471001700D4 /* FormSubmit.js in Headers */,
7A1E2A851EEFE8920037A0E0 /* APINotificationProvider.h in Headers */,
- DD4DB787280F945E001700D4 /* ElementDisplayed.js in Headers */,
- DD4DB786280F945A001700D4 /* ElementAttribute.js in Headers */,
BC33DD681238464600360F3F /* APINumber.h in Headers */,
BC857FB512B830E600EDEB2E /* APIOpenPanelParameters.h in Headers */,
7C89D2981A6753B2003A5FDE /* APIPageConfiguration.h in Headers */,
@@ -14274,8 +14280,11 @@
2DA6731A20C754B1003CB401 /* DynamicViewportSizeUpdate.h in Headers */,
E105FE5418D7B9DE008F57A8 /* EditingRange.h in Headers */,
1AA41AB512C02EC4002BE67B /* EditorState.h in Headers */,
+ DD4DB786280F945A001700D4 /* ElementAttribute.js in Headers */,
+ DD4DB787280F945E001700D4 /* ElementDisplayed.js in Headers */,
BC032DA810F437D10058C15A /* Encoder.h in Headers */,
CDCDC99D248FE8DA00A69522 /* EndowmentStateTracker.h in Headers */,
+ DD4DB788280F9471001700D4 /* EnterFullscreen.js in Headers */,
51B15A8513843A3900321AD8 /* EnvironmentUtilities.h in Headers */,
1AA575FB1496B52600A4EE06 /* EventDispatcher.h in Headers */,
572EBBD72537EBAE000552B3 /* ExtraPrivateSymbolsForTAPI.h in Headers */,
@@ -14286,9 +14295,12 @@
9312BAD526F33C2600FDDF5F /* FileSystemStorageManager.h in Headers */,
00B9661A18E25AE100CE1F88 /* FindClient.h in Headers */,
1A90C1F41264FD71003E44D4 /* FindController.h in Headers */,
+ DD4DB789280F9471001700D4 /* FindNodes.js in Headers */,
C59C4A5918B81174007BDCB6 /* FocusedElementInformation.h in Headers */,
BCE81D8D1319F7EF00241910 /* FontInfo.h in Headers */,
9BD8AB4A25820E53005386F8 /* FontReference.h in Headers */,
+ DD4DB78A280F9471001700D4 /* FormElementClear.js in Headers */,
+ DD4DB78B280F9471001700D4 /* FormSubmit.js in Headers */,
1A14F8E21D74C834006CBEC6 /* FrameInfoData.h in Headers */,
1AE00D611831792100087DD7 /* FrameLoadState.h in Headers */,
5C121E842410208D00486F9B /* FrameTreeNodeData.h in Headers */,
@@ -14616,6 +14628,7 @@
BC2D021712AC41CB00E732A3 /* SameDocumentNavigationType.h in Headers */,
1AAB4A8D1296F0A20023952F /* SandboxExtension.h in Headers */,
E1E552C516AE065F004ED653 /* SandboxInitializationParameters.h in Headers */,
+ E36FF00327F36FBD004BE21A /* SandboxStateVariables.h in Headers */,
7BAB111025DD02B3008FC479 /* ScopedActiveMessageReceiveQueue.h in Headers */,
E4D54D0421F1D72D007E3C36 /* ScrollingTreeFrameScrollingNodeRemoteIOS.h in Headers */,
0F931C1C18C5711900DBA7C3 /* ScrollingTreeOverflowScrollingNodeIOS.h in Headers */,
@@ -14861,7 +14874,6 @@
BCE469541214E6CB000B98EB /* WebFormClient.h in Headers */,
DDA0A2B527E55E4E005E086E /* WebFormDelegate.h in Headers */,
DDA0A30127E55E4E005E086E /* WebFormDelegatePrivate.h in Headers */,
- 519DFBE7281387C1003FF6AD /* WKNotificationPrivateMac.h in Headers */,
BCE469561214E6CB000B98EB /* WebFormSubmissionListenerProxy.h in Headers */,
E5227D8427A11261008EAB57 /* WebFoundTextRange.h in Headers */,
E55CFD4E279D31E5002F1020 /* WebFoundTextRangeController.h in Headers */,
@@ -15350,6 +15362,7 @@
318BE17914743E6F00A8FBB2 /* WKNotification.h in Headers */,
318BE17114743DB100A8FBB2 /* WKNotificationManager.h in Headers */,
31A2EC74148D59CA00810D71 /* WKNotificationPermissionRequest.h in Headers */,
+ 519DFBE7281387C1003FF6AD /* WKNotificationPrivateMac.h in Headers */,
312C0C4A146DDC8A0016C911 /* WKNotificationProvider.h in Headers */,
37C4C0941814B3AF003688B9 /* WKNSArray.h in Headers */,
373CEAD6185417AE008C363D /* WKNSData.h in Headers */,
@@ -15975,6 +15988,7 @@
6BE969C11E54D452008B7483 /* corePrediction_model in Resources */,
8DC2EF530486A6940098B216 /* InfoPlist.strings in Resources */,
3FB08E431F60B240005E5312 /* iOS.xcassets in Resources */,
+ E36FF00427F36FBD004BE21A /* preferences.sb in Resources */,
5C8BC797218CBB4800813886 /* SafeBrowsing.xcassets in Resources */,
);
runOnlyForDeploymentPostprocessing = 0;
Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (293594 => 293595)
--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp 2022-04-28 23:31:24 UTC (rev 293595)
@@ -459,6 +459,11 @@
Ref<WebPage> WebPage::create(PageIdentifier pageID, WebPageCreationParameters&& parameters)
{
+ auto page = adoptRef(*new WebPage(pageID, WTFMove(parameters)));
+
+ if (WebProcess::singleton().injectedBundle())
+ WebProcess::singleton().injectedBundle()->didCreatePage(page.ptr());
+
#if HAVE(SANDBOX_STATE_FLAGS)
// This call is not meant to actually read a preference, but is only here to trigger a sandbox rule in the
// WebContent process, which will toggle a sandbox variable used to determine if the WebContent process
@@ -466,11 +471,6 @@
CFPreferencesGetAppIntegerValue(CFSTR("key"), CFSTR("com.apple.WebKit.WebContent.Launch"), nullptr);
#endif
- Ref<WebPage> page = adoptRef(*new WebPage(pageID, WTFMove(parameters)));
-
- if (WebProcess::singleton().injectedBundle())
- WebProcess::singleton().injectedBundle()->didCreatePage(page.ptr());
-
return page;
}
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (293594 => 293595)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2022-04-28 22:47:35 UTC (rev 293594)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2022-04-28 23:31:24 UTC (rev 293595)
@@ -2056,27 +2056,42 @@
#endif
#if HAVE(SANDBOX_MESSAGE_FILTERING)
-(if (and (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES") (defined? 'mach-bootstrap))
+(define (mach-bootstrap-message-numbers)
+ (message-number 204 207 301 711 800 804))
+
+(define (allow-mach-bootstrap-with-filter)
(allow mach-bootstrap
(apply-message-filter
+ (deny mach-message-send (with telemetry))
+ (allow mach-message-send
+ (mach-bootstrap-message-numbers)))))
+
+(if (and (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES") (defined? 'mach-bootstrap))
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
- (deny mach-message-send (with telemetry))
- (allow mach-message-send (message-number
+#if HAVE(SANDBOX_STATE_FLAGS)
+ (begin
+ (if (require-ancestor-with-entitlement "com.apple.private.security.enable-state-flags")
+ (allow mach-bootstrap
+ (apply-message-filter
+ (allow mach-message-send (with telemetry-backtrace))))
+ ;; else
+ (allow-mach-bootstrap-with-filter))
+
+ (with-filter
+ (require-any
+ (require-not (state-flag "WebContentProcessLaunched"))
+ (state-flag "EnableMachBootstrap"))
+ (allow-mach-bootstrap-with-filter))))
#else
+ (allow-mach-bootstrap-with-filter))
+#endif // HAVE(SANDBOX_STATE_FLAGS)
+#else
+ (allow mach-bootstrap
+ (apply-message-filter
(deny xpc-message-send (with telemetry))
- (allow xpc-message-send (message-number
+ (allow xpc-message-send
+ (mach-bootstrap-message-numbers)))))
#endif
- 204
- 207
- 301
- 711
- 800
- 804
- )
- )
- )
- )
-)
(if (and (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES") (defined? 'mach-kernel-endpoint))
(allow mach-kernel-endpoint