Title: [240500] trunk/Source/WebKit
- Revision
- 240500
- Author
- [email protected]
- Date
- 2019-01-25 13:40:11 -0800 (Fri, 25 Jan 2019)
Log Message
[iOS] Deny mach lookups to services not used.
https://bugs.webkit.org/show_bug.cgi?id=193828
Reviewed by Brent Fulgham.
Start denying mach lookups to iOS services, which were previously allowed with reporting.
Living-on has indicated that these services are not used.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (240499 => 240500)
--- trunk/Source/WebKit/ChangeLog 2019-01-25 21:35:03 UTC (rev 240499)
+++ trunk/Source/WebKit/ChangeLog 2019-01-25 21:40:11 UTC (rev 240500)
@@ -1,3 +1,15 @@
+2019-01-25 Per Arne Vollan <[email protected]>
+
+ [iOS] Deny mach lookups to services not used.
+ https://bugs.webkit.org/show_bug.cgi?id=193828
+
+ Reviewed by Brent Fulgham.
+
+ Start denying mach lookups to iOS services, which were previously allowed with reporting.
+ Living-on has indicated that these services are not used.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
2019-01-25 Brent Fulgham <[email protected]>
Activate the WebResourceLoadStatisticsStore in the NetworkProcess and deactivate it in the UIProcess.
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (240499 => 240500)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2019-01-25 21:35:03 UTC (rev 240499)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2019-01-25 21:40:11 UTC (rev 240500)
@@ -449,7 +449,11 @@
(global-name "com.apple.coremedia.decompressionsession")
(global-name "com.apple.coremedia.videoqueue"))
-(allow mach-lookup (with report)
+;; These services have been identified as unused during living-on.
+;; This list overrides some definitions above and in common.sb.
+;; FIXME: remove overridden rules once the final list has been
+;; established, see https://bugs.webkit.org/show_bug.cgi?id=193840
+(deny mach-lookup
(global-name "com.apple.AGXCompilerService")
(global-name "com.apple.CoreAuthentication.daemon.libxpc")
(global-name "com.apple.FileCoordination")
@@ -476,7 +480,6 @@
(global-name "com.apple.assertiond.expiration")
(global-name "com.apple.assertiond.processassertionconnection")
(global-name "com.apple.assertiond.processinfoservice")
- (global-name "com.apple.audio.AURemoteIOServer")
(global-name "com.apple.audio.AudioComponentPrefs")
(global-name "com.apple.audio.AudioQueueServer")
(global-name "com.apple.audio.SystemSoundServer-iOS")
@@ -497,11 +500,9 @@
(global-name "com.apple.coremedia.capturesession")
(global-name "com.apple.coremedia.capturesource")
(global-name "com.apple.coremedia.compressionsession")
- (global-name "com.apple.coremedia.endpoint.xpc")
(global-name "com.apple.coremedia.endpointplaybacksession.xpc")
(global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")
(global-name "com.apple.coremedia.figcontentkeysession.xpc")
- (global-name "com.apple.coremedia.figcpecryptor")
(global-name "com.apple.coremedia.remotequeue")
(global-name "com.apple.coremedia.samplebufferaudiorenderer.xpc")
(global-name "com.apple.coremedia.samplebufferrendersynchronizer.xpc")
@@ -531,7 +532,6 @@
(global-name "com.apple.marco")
(global-name "com.apple.mediaserverd")
(global-name "com.apple.mobile.usermanagerd.xpc")
- (global-name "com.apple.mobilegestalt.xpc")
(global-name "com.apple.nehelper")
(global-name "com.apple.nesessionmanager")
(global-name "com.apple.pegasus")
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
