Skip to site navigation (Press enter)

[webkit-changes] [254363] trunk

bfulgham Fri, 10 Jan 2020 12:40:38 -0800

Title: [254363] trunk

Revision: 254363
Author: [email protected]
Date: 2020-01-10 12:39:31 -0800 (Fri, 10 Jan 2020)

Log Message

Remove com.apple.locationd.registration from the WebContent sandbox
https://bugs.webkit.org/show_bug.cgi?id=206021
<rdar://problem/58451384>


Reviewed by Per Arne Vollan.

Now that we generate a dynamic extension for 'com.apple.locationd.registration', we should remove
the blanket allow rule from the sandbox.

Source/WebKit:

Test: fast/sandbox/ios/sandbox-mach-lookup.html

* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:

* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt
trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html
trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

Diff

Modified: trunk/LayoutTests/ChangeLog (254362 => 254363)


--- trunk/LayoutTests/ChangeLog	2020-01-10 20:32:31 UTC (rev 254362)
+++ trunk/LayoutTests/ChangeLog	2020-01-10 20:39:31 UTC (rev 254363)
@@ -1,3 +1,17 @@
+2020-01-10  Brent Fulgham  <[email protected]>
+
+        Remove com.apple.locationd.registration from the WebContent sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=206021
+        <rdar://problem/58451384>
+
+        Reviewed by Per Arne Vollan.
+
+        Now that we generate a dynamic extension for 'com.apple.locationd.registration', we should remove
+        the blanket allow rule from the sandbox.
+
+        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/ios/sandbox-mach-lookup.html:
+
 2020-01-10  Jiewen Tan  <[email protected]>
 
         [WebAuthn] Support authenticatorGetNextAssertion

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (254362 => 254363)


--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-01-10 20:32:31 UTC (rev 254362)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-01-10 20:39:31 UTC (rev 254363)
@@ -6,6 +6,7 @@
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.apple-extension-service") is false
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.viewservice") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.TextInput") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.locationd.registration") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nehelper") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nesessionmanager") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nesessionmanager.content-filter") is false

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (254362 => 254363)


--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-01-10 20:32:31 UTC (rev 254362)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-01-10 20:39:31 UTC (rev 254363)
@@ -9,6 +9,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.apple-extension-service\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.viewservice\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.TextInput\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.locationd.registration\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nehelper\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nesessionmanager\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nesessionmanager.content-filter\")");

Modified: trunk/Source/WebKit/ChangeLog (254362 => 254363)


--- trunk/Source/WebKit/ChangeLog	2020-01-10 20:32:31 UTC (rev 254362)
+++ trunk/Source/WebKit/ChangeLog	2020-01-10 20:39:31 UTC (rev 254363)
@@ -1,3 +1,19 @@
+2020-01-10  Brent Fulgham  <[email protected]>
+
+        Remove com.apple.locationd.registration from the WebContent sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=206021
+        <rdar://problem/58451384>
+
+        Reviewed by Per Arne Vollan.
+
+        Now that we generate a dynamic extension for 'com.apple.locationd.registration', we should remove
+        the blanket allow rule from the sandbox.
+
+        Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-01-10  Simon Fraser  <[email protected]>
 
         Clean up -[WKWebView _didCommitLayerTree:]

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (254362 => 254363)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2020-01-10 20:32:31 UTC (rev 254362)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2020-01-10 20:39:31 UTC (rev 254363)
@@ -112,8 +112,6 @@
             (iokit-user-client-class "AppleKeyStoreUserClient")))
 
 (define-once (location-services)
-    (allow mach-lookup
-           (global-name "com.apple.locationd.registration"))
     (allow-carrier-bundle) ;; <rdar://problem/21192365>
     (mobile-preferences-read
         "com.apple.AppSupport"

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (254362 => 254363)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-10 20:32:31 UTC (rev 254362)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-10 20:39:31 UTC (rev 254363)
@@ -125,8 +125,6 @@
             (iokit-user-client-class "AppleKeyStoreUserClient")))
 
 (define-once (location-services)
-    (allow mach-lookup (with report) (with telemetry)
-           (global-name "com.apple.locationd.registration"))
     (allow-carrier-bundle) ;; <rdar://problem/21192365>
     (mobile-preferences-read
         "com.apple.AppSupport"

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes