Title: [251688] trunk/Source/WebKit
Revision: 251688
Author: [email protected]
Date: 2019-10-28 17:21:53 -0700 (Mon, 28 Oct 2019)

Log Message

[iOS] Fix sandbox violations
https://bugs.webkit.org/show_bug.cgi?id=203505

Reviewed by Brent Fulgham.

Running layout tests shows that allowing mach lookup is needed for a set of services which was previously denied.
This patch adds rules for allowing these services again. The service 'com.apple.logd.events' is still denied, since
it has not been observed to be in use.

No new tests, covered by existing tests.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Diff

Modified: trunk/Source/WebKit/ChangeLog (251687 => 251688)


--- trunk/Source/WebKit/ChangeLog	2019-10-29 00:09:41 UTC (rev 251687)
+++ trunk/Source/WebKit/ChangeLog	2019-10-29 00:21:53 UTC (rev 251688)
@@ -1,3 +1,18 @@
+2019-10-28  Per Arne Vollan  <[email protected]>
+
+        [iOS] Fix sandbox violations
+        https://bugs.webkit.org/show_bug.cgi?id=203505
+
+        Reviewed by Brent Fulgham.
+
+        Running layout tests shows that allowing mach lookup is needed for a set of services which was previously denied.
+        This patch add rules for allowing these services again. The service 'com.apple.logd.events' is still denied, since
+        it has not been observed to be in use.
+
+        No new tests, covered by existing tests.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2019-10-28  Alex Christensen  <[email protected]>
 
         Unreviewed, rolling out r251675.
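
Review bot: The entry describes 'com.apple.logd.events' as "still denied", but in this revision that rule changes from '(with no-report)' to '(with send-signal SIGKILL)', so a lookup of that name now sends SIGKILL to the WebContent process instead of being denied without a report. That is a behavior change and the entry should say so explicitly. It would also help to name the services being re-allowed (com.apple.logd, com.apple.cfprefsd.daemon, com.apple.lsd.mapdb, com.apple.system.notification_center) rather than "a set of services", so that anyone auditing the profile later can match each rule to this entry.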

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (251687 => 251688)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2019-10-29 00:09:41 UTC (rev 251687)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2019-10-29 00:21:53 UTC (rev 251688)
@@ -451,12 +451,20 @@
         (extension-class "com.apple.app-sandbox.read-write" "com.apple.app-sandbox.read")
         (extension "com.apple.fileprovider.read-write")))
 
-(deny mach-lookup (with no-report)
-    (global-name "com.apple.logd")
+(allow mach-lookup
+    (global-name "com.apple.logd"))
+
+(deny mach-lookup (with send-signal SIGKILL)
     (global-name "com.apple.logd.events"))
 
+(allow mach-lookup
+    (global-name "com.apple.cfprefsd.daemon"))
+
 (allow ipc-posix-shm-read*
        (ipc-posix-name-prefix "apple.cfprefs."))
+ 
+(allow mach-lookup
+    (global-name "com.apple.lsd.mapdb"))
 
 ;; <rdar://problem/12413942>
 (allow file-read*
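
Review bot: The '(deny mach-lookup (with send-signal SIGKILL)' rule for "com.apple.logd.events" rests only on the service not having been observed in layout tests; any code path the tests do not exercise that looks up this name will now have the process killed, whereas the old '(with no-report)' deny was harmless to the caller. Consider landing this first as a deny that reports, and switching to SIGKILL once there is no report from wider testing, or state in a comment what evidence beyond layout tests supports it. Separately, the three new '(allow mach-lookup' rules for com.apple.logd, com.apple.cfprefsd.daemon and com.apple.lsd.mapdb carry no comment or bug reference, unlike the neighbouring ';; <rdar://problem/12413942>' rule; a one-line comment naming the consumer of each service would make later tightening of the profile easier. The added line containing only a space before the com.apple.lsd.mapdb rule is trailing whitespace and should be an empty line.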
@@ -484,9 +492,9 @@
 (allow file-read-metadata network-outbound
        (literal "/private/var/run/syslog"))
 
-(deny mach-lookup (with no-report)
+(allow mach-lookup
        (global-name "com.apple.system.notification_center"))
-(deny ipc-posix-shm-read* (with no-report)
+(allow ipc-posix-shm-read*
        (ipc-posix-name "apple.shm.notification_center"))
 
 (logd-diagnostic-client)
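
Review bot: The log message talks only about mach lookups, but this hunk also flips '(deny ipc-posix-shm-read* (with no-report)' to '(allow ipc-posix-shm-read*' for "apple.shm.notification_center"; that is a different operation class and should be mentioned in the ChangeLog. Both rules here previously denied with 'no-report', so the old profile produced no sandbox report for them; please record in a comment above the two rules how the need was established (which tests or which framework call) and reference bug 203505, so the allowance for com.apple.system.notification_center can be revisited rather than staying open indefinitely.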
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
