[webkit-changes] [217665] trunk/Source/WebKit2

[cdumez]

Title: [217665] trunk/Source/WebKit2

Revision

217665

Author

cdu...@apple.com

Date

2017-06-01 11:01:45 -0700 (Thu, 01 Jun 2017)

Log Message

[WK2] Update plugin process sandbox profile for flash plugin on HBONow
https://bugs.webkit.org/show_bug.cgi?id=172820
<rdar://problem/32513297>

Reviewed by Brent Fulgham.

Relax the IOKit whitelist to silence sandbox violations by Flash plugin on
HBONow.

* PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in

Diff

Modified: trunk/Source/WebKit2/ChangeLog (217664 => 217665)

--- trunk/Source/WebKit2/ChangeLog	2017-06-01 17:59:33 UTC (rev 217664)
+++ trunk/Source/WebKit2/ChangeLog	2017-06-01 18:01:45 UTC (rev 217665)
@@ -1,3 +1,16 @@
+2017-06-01  Chris Dumez  <cdu...@apple.com>
+
+        [WK2] Update plugin process sandbox profile for flash plugin on HBONow
+        https://bugs.webkit.org/show_bug.cgi?id=172820
+        <rdar://problem/32513297>
+
+        Reviewed by Brent Fulgham.
+
+        Relax the IOKit whitelist to silence sandbox violations by Flash plugin on
+        HBONow.
+
+        * PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:
+
 2017-06-01  Andy Estes  <aes...@apple.com>
 
         [Cocoa] Upstream support for JCB as a supported payment network

Modified: trunk/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in (217664 => 217665)

--- trunk/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in	2017-06-01 17:59:33 UTC (rev 217664)
+++ trunk/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in	2017-06-01 18:01:45 UTC (rev 217665)
@@ -44,9 +44,15 @@
 
 (deny iokit-get-properties)
 (allow iokit-get-properties
+    (iokit-property "AAPL,mux-switch-state")
+    (iokit-property-regex #"^ATY,fb_(linebytes|offset|size)")
     (iokit-property "AllowDisplaySleep")
-    (iokit-property "DisplayRouting")
+    (iokit-property "AppleDisplayType")
+    (iokit-property "AppleSense")
+    (iokit-property "CFBundleIdentifier")
+    (iokit-property-regex #"^Display(ParameterHandlerUsesCharPtr|ProductID|Routing|SerialNumber|VendorID)")
     (iokit-property "DeviceEqID")
+    (iokit-property-regex #"^IOAccel(Index|Revision|Types)")
     (iokit-property-regex #"^IOAudioControl(ChannelID|ID|SubType|Usage)")
     (iokit-property-regex #"^IOAudioDevice(CanBeDefaults|TransportType)")
     (iokit-property-regex #"^IOAudioEngine(ChannelNames|ClientDescription|CoreAudioPlugIn|(|Device)Description|Flavor|GlobalUniqueID|OutputChannelLayout|SampleOffset|State)")
@@ -57,15 +63,25 @@
     (iokit-property "IOAudioSampleRate")
     (iokit-property "IOAudioStreamSampleFormatByteOrder")
     (iokit-property "IOClassNameOverride")
+    (iokit-property "IOCFPlugInTypes")
+    (iokit-property "IOClass")
     (iokit-property "IOConsoleUsers")
-    (iokit-property "IOFBCurrentPixelClock")
+    (iokit-property-regex #"^IODisplay(Attributes|CapabilityString|ConnectFlags|ControllerID|EDID|FirmwareLevel|MCCSVersion|Parameters|PrefsKey|TechnologyType|UsageTime)")
+    (iokit-property-regex #"^IOFB(CLUTDefer|Config|CurrentPixelClock|CurrentPixelCount|CursorInfo|DependentID|DependentIndex|DetailedTimings|GammaCount|GammaHeaderSize|GammaWidth|I2CInterfaceIDs|I2CInterfaceInfo|MemorySize|NeedsRefresh|ProbeOptions|ScalerInfo|TimingRange|Transform|UIScale|WaitCursorFrames|WaitCursorPeriod)")
     (iokit-property-regex #"^IOFBCurrentPixelCount(Real)")
+    (iokit-property "IOFramebufferOpenGLIndex")
     (iokit-property "IOGeneralInterest")
     (iokit-property "IOGLBundleName")
     (iokit-property "IOGVACodec")
     (iokit-property-regex "^IOGVA[A-Z]+Decode")
     (iokit-property "IOMACAddress") ;; For some Flash players
+    (iokit-property "IOMatchCategory")
+    (iokit-property-regex #"^IOName(Match|Matched)")
+    (iokit-property "IOPMStrictTreeOrder")
     (iokit-property "IOPlatformSerialNumber") ;; Ditto
+    (iokit-property "IOPowerManagement")
+    (iokit-property "IOProbeScore")
+    (iokit-property "IOProviderClass")
     (iokit-property "IOScreenRestoreState")
     (iokit-property "IOVARendererID")
     (iokit-property-regex #"^MetalPlugin(Name|ClassName)")
@@ -73,8 +89,16 @@
     (iokit-property "Protocol Characteristics")
     (iokit-property "SupportAudioAUUC")
     (iokit-property "board-id")
+    (iokit-property "audio-codec-info")
+    (iokit-property "av-signal-type")
+    (iokit-property "boot-gamma-restored")
+    (iokit-property "built-in")
+    (iokit-property "device-colors")
+    (iokit-property "graphic-options")
     (iokit-property "idProduct")
-    (iokit-property "idVendor"))
+    (iokit-property "idVendor")
+    (iokit-property "iofb_version")
+    (iokit-property "startup-timing"))
 #endif
 
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes