Title: [257723] trunk
Revision: 257723
Author: pvol...@apple.com
Date: 2020-03-02 11:57:15 -0800 (Mon, 02 Mar 2020)

Log Message

[iOS] Deny mach lookup access to distributed notifications in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=208455

Reviewed by Brent Fulgham.

Source/WebKit:

On iOS, deny mach lookup access to the service "com.apple.distributed_notifications@1v3" in the WebContent process.

Test: fast/sandbox/ios/sandbox-mach-lookup.html

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:

* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:

Diff

Modified: trunk/LayoutTests/ChangeLog (257722 => 257723)


--- trunk/LayoutTests/ChangeLog	2020-03-02 19:54:43 UTC (rev 257722)
+++ trunk/LayoutTests/ChangeLog	2020-03-02 19:57:15 UTC (rev 257723)
@@ -1,3 +1,13 @@
+2020-03-02  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Deny mach lookup access to distributed notifications in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=208455
+
+        Reviewed by Brent Fulgham.
+
+        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/ios/sandbox-mach-lookup.html:
+
 2020-03-02  Doug Kelly  <do...@apple.com>
 
         ASSERT(m_column != unsetColumnIndex) in RenderTable::cellBefore

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (257722 => 257723)


--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-03-02 19:54:43 UTC (rev 257722)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-03-02 19:57:15 UTC (rev 257723)
@@ -20,3 +20,4 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.tccd") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.uikit.viewservice") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.analyticsd") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.distributed_notifications@1v3") is false

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (257722 => 257723)


--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-03-02 19:54:43 UTC (rev 257722)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-03-02 19:57:15 UTC (rev 257723)
@@ -23,6 +23,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.tccd\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.uikit.viewservice\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.analyticsd\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.distributed_notifications@1v3\")");
 }
 </script>
 </head>
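Review bot: the added shouldBeFalse line checks the lookup decision for one exact string, so it is only as strong as its match with the profile. The name here is identical to the global-name in com.apple.WebKit.WebContent.sb in this patch, but a false result is presumably also what a misspelled or renamed service would produce, so the assertion would keep passing if the two strings drift apart. A short comment next to the assertion saying the string must track the profile's global-name would help.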

Modified: trunk/Source/WebKit/ChangeLog (257722 => 257723)


--- trunk/Source/WebKit/ChangeLog	2020-03-02 19:54:43 UTC (rev 257722)
+++ trunk/Source/WebKit/ChangeLog	2020-03-02 19:57:15 UTC (rev 257723)
@@ -1,3 +1,16 @@
+2020-03-02  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Deny mach lookup access to distributed notifications in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=208455
+
+        Reviewed by Brent Fulgham.
+
+        On iOS, deny mach lookup access to the service "com.apple.distributed_notifications@1v3" in the WebContent process.
+
+        Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-03-02  Jacob Uphoff  <jacob_uph...@apple.com>
 
         Unreviewed, rolling out r257687.
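Review bot: the ChangeLog entry added at the top of this hunk restates the title but gives no reason the WebContent process can do without "com.apple.distributed_notifications@1v3". The rule being changed was an allow carrying (with report) (with telemetry), so please add a sentence saying what showed the lookup is unused; that gives anyone chasing a later regression the reasoning behind this revision.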

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (257722 => 257723)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-03-02 19:54:43 UTC (rev 257722)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-03-02 19:57:15 UTC (rev 257723)
@@ -538,7 +538,7 @@
     (global-name "com.apple.logd.events")
 )
 
-(allow mach-lookup (with report) (with telemetry)
+(deny mach-lookup (with report) (with telemetry)
     (global-name "com.apple.distributed_notifications@1v3"))
 
 (allow ipc-posix-shm-read*
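Review bot: the rule changed at line 541 flips from allow to deny with no comment explaining why this service keeps its own standalone rule with (with report) (with telemetry). If the profile already denies mach-lookup by default (not visible in this hunk), the rule now exists only to keep reporting attempts; a one-line comment above it saying so would stop someone from deleting it as redundant or flipping it back to allow.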
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
