[webkit-changes] [258750] trunk/Source/WebKit

[bfulgham]

Title: [258750] trunk/Source/WebKit

Revision

258750

Author

bfulg...@apple.com

Date

2020-03-19 20:05:51 -0700 (Thu, 19 Mar 2020)

Log Message

[macoOS] Remove access to 'apple-extension-services' from the WebContent sandbox
https://bugs.webkit.org/show_bug.cgi?id=209324
<rdar://problem/58089661>

Reviewed by Per Arne Vollan.

Remove the last of permissions for the unused 'apple-extension-services' mach service.

* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
* WebProcess/com.apple.WebProcess.sb.in:

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb
• trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

Diff

Modified: trunk/Source/WebKit/ChangeLog (258749 => 258750)

--- trunk/Source/WebKit/ChangeLog	2020-03-20 03:05:11 UTC (rev 258749)
+++ trunk/Source/WebKit/ChangeLog	2020-03-20 03:05:51 UTC (rev 258750)
@@ -1,3 +1,17 @@
+2020-03-19  Brent Fulgham  <bfulg...@apple.com>
+
+        [macoOS] Remove access to 'apple-extension-services' from the WebContent sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=209324
+        <rdar://problem/58089661>
+
+        Reviewed by Per Arne Vollan.
+
+        Remove the last of permissions for the unused 'apple-extension-services' mach service.
+
+        * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2020-03-19  Tim Horton  <timothy_hor...@apple.com>
 
         Upstream a variety of Cocoa-platform HAVE and ENABLE macros

Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (258749 => 258750)

--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in	2020-03-20 03:05:11 UTC (rev 258749)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in	2020-03-20 03:05:51 UTC (rev 258750)
@@ -399,7 +399,6 @@
     (xpc-service-name "com.apple.audio.SandboxHelper")
     (xpc-service-name "com.apple.coremedia.videodecoder")
     (xpc-service-name "com.apple.coremedia.videoencoder")
-    (xpc-service-name-regex #"\.apple-extension-service$")
     (xpc-service-name "com.apple.hiservices-xpcservice")
     (xpc-service-name "com.apple.print.normalizerd")
 )

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (258749 => 258750)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2020-03-20 03:05:11 UTC (rev 258749)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2020-03-20 03:05:51 UTC (rev 258750)
@@ -401,7 +401,6 @@
 
     (allow mach-lookup (with report) (with telemetry)
         (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")
-        (xpc-service-name-regex #"\.apple-extension-service$") ;; <rdar://problem/19525887>
         (xpc-service-name-regex #"\.viewservice$") ;; <rdar://problem/31252371>
     )
 

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (258749 => 258750)

--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-03-20 03:05:11 UTC (rev 258749)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-03-20 03:05:51 UTC (rev 258750)
@@ -406,12 +406,11 @@
     (xpc-service-name "com.apple.print.normalizerd")
 )
 
+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101600
 (allow mach-lookup
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500
-    (with report) (with telemetry)
-#endif
     (xpc-service-name-regex #"\.apple-extension-service$")
 )
+#endif
 
 ;; Utility functions for home directory relative path filters
 (define (home-regex home-relative-regex)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes