[webkit-changes] [254365] trunk

[bfulgham]

Title: [254365] trunk

Revision

254365

Author

bfulg...@apple.com

Date

2020-01-10 14:17:17 -0800 (Fri, 10 Jan 2020)

Log Message

Remove 'com.apple.iohideventsystem' from the WebContent process sandbox
https://bugs.webkit.org/show_bug.cgi?id=206085
<rdar://problem/36085204>

Reviewed by Alex Christensen.

After r253357 we no longer need access to 'com.apple.iohideventsystem', and should remove it from
the WebContent process sandbox.

Source/WebKit:

Test: fast/sandbox/ios/sandbox-mach-lookup.html

* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:

* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt
• trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html
• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

Diff

Modified: trunk/LayoutTests/ChangeLog (254364 => 254365)

--- trunk/LayoutTests/ChangeLog	2020-01-10 21:38:08 UTC (rev 254364)
+++ trunk/LayoutTests/ChangeLog	2020-01-10 22:17:17 UTC (rev 254365)
@@ -1,5 +1,19 @@
 2020-01-10  Brent Fulgham  <bfulg...@apple.com>
 
+        Remove 'com.apple.iohideventsystem' from the WebContent process sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=206085
+        <rdar://problem/36085204>
+
+        Reviewed by Alex Christensen.
+
+        After r253357 we no longer need access to 'com.apple.iohideventsystem', and should remove it from
+        the WebContent process sandbox.
+
+        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/ios/sandbox-mach-lookup.html:
+
+2020-01-10  Brent Fulgham  <bfulg...@apple.com>
+
         [iOS] Remove 'com.apple.cookied' from the WebContent process sandbox
         https://bugs.webkit.org/show_bug.cgi?id=206083
         <rdar://problem/56963865>

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (254364 => 254365)

--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-01-10 21:38:08 UTC (rev 254364)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-01-10 22:17:17 UTC (rev 254365)
@@ -7,6 +7,7 @@
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.viewservice") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.TextInput") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iohideventsystem") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.locationd.registration") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nehelper") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nesessionmanager") is false

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (254364 => 254365)

--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-01-10 21:38:08 UTC (rev 254364)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-01-10 22:17:17 UTC (rev 254365)
@@ -10,6 +10,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.viewservice\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.TextInput\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.cookied\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iohideventsystem\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.locationd.registration\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nehelper\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nesessionmanager\")");

Modified: trunk/Source/WebKit/ChangeLog (254364 => 254365)

--- trunk/Source/WebKit/ChangeLog	2020-01-10 21:38:08 UTC (rev 254364)
+++ trunk/Source/WebKit/ChangeLog	2020-01-10 22:17:17 UTC (rev 254365)
@@ -1,5 +1,21 @@
 2020-01-10  Brent Fulgham  <bfulg...@apple.com>
 
+        Remove 'com.apple.iohideventsystem' from the WebContent process sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=206085
+        <rdar://problem/36085204>
+
+        Reviewed by Alex Christensen.
+
+        After r253357 we no longer need access to 'com.apple.iohideventsystem', and should remove it from
+        the WebContent process sandbox.
+
+        Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
+2020-01-10  Brent Fulgham  <bfulg...@apple.com>
+
         [iOS] Remove 'com.apple.cookied' from the WebContent process sandbox
         https://bugs.webkit.org/show_bug.cgi?id=206083
         <rdar://problem/56963865>

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (254364 => 254365)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2020-01-10 21:38:08 UTC (rev 254364)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2020-01-10 22:17:17 UTC (rev 254365)
@@ -433,7 +433,6 @@
 
     (allow mach-lookup (with report) (with telemetry)
         (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
-        (global-name "com.apple.iohideventsystem")
     )
 
     (allow mach-lookup

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (254364 => 254365)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-10 21:38:08 UTC (rev 254364)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-10 22:17:17 UTC (rev 254365)
@@ -443,7 +443,6 @@
 
     (allow mach-lookup (with report) (with telemetry)
         (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
-        (global-name "com.apple.iohideventsystem")
     )
 
     (allow mach-lookup

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes