[webkit-changes] [254376] trunk

[bfulgham]

Title: [254376] trunk

Revision

254376

Author

bfulg...@apple.com

Date

2020-01-10 16:00:10 -0800 (Fri, 10 Jan 2020)

Log Message

[iOS] Remove 'com.apple.awdd' from the WebContent process sandbox
https://bugs.webkit.org/show_bug.cgi?id=206095
<rdar://problem/56871147>

Reviewed by Per Arne Vollan.

We no longer need access to 'com.apple.awdd' in the iOS WebContent sandbox. We should remove
it from the sandbox.

Source/WebKit:

Test: fast/sandbox/ios/sandbox-mach-lookup.html

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:

* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt
• trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html
• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

Diff

Modified: trunk/LayoutTests/ChangeLog (254375 => 254376)

--- trunk/LayoutTests/ChangeLog	2020-01-10 23:59:20 UTC (rev 254375)
+++ trunk/LayoutTests/ChangeLog	2020-01-11 00:00:10 UTC (rev 254376)
@@ -1,3 +1,17 @@
+2020-01-10  Brent Fulgham  <bfulg...@apple.com>
+
+        [iOS] Remove 'com.apple.awdd' from the WebContent process sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=206095
+        <rdar://problem/56871147>
+
+        Reviewed by Per Arne Vollan.
+
+        We no longer need access to 'com.apple.awdd' in the iOS WebContent sandbox. We should remove
+        it from the sandbox.
+
+        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/ios/sandbox-mach-lookup.html:
+
 2020-01-09  Per Arne Vollan  <pvol...@apple.com>
 
         Map CSS value ID to system color in the UI process

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (254375 => 254376)

--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-01-10 23:59:20 UTC (rev 254375)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-01-11 00:00:10 UTC (rev 254376)
@@ -6,6 +6,7 @@
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.apple-extension-service") is false
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.viewservice") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.TextInput") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.awdd") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iohideventsystem") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.locationd.registration") is false

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (254375 => 254376)

--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-01-10 23:59:20 UTC (rev 254375)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-01-11 00:00:10 UTC (rev 254376)
@@ -9,6 +9,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.apple-extension-service\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.viewservice\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.TextInput\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.awdd\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.cookied\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iohideventsystem\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.locationd.registration\")");

Modified: trunk/Source/WebKit/ChangeLog (254375 => 254376)

--- trunk/Source/WebKit/ChangeLog	2020-01-10 23:59:20 UTC (rev 254375)
+++ trunk/Source/WebKit/ChangeLog	2020-01-11 00:00:10 UTC (rev 254376)
@@ -1,3 +1,18 @@
+2020-01-10  Brent Fulgham  <bfulg...@apple.com>
+
+        [iOS] Remove 'com.apple.awdd' from the WebContent process sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=206095
+        <rdar://problem/56871147>
+
+        Reviewed by Per Arne Vollan.
+
+        We no longer need access to 'com.apple.awdd' in the iOS WebContent sandbox. We should remove
+        it from the sandbox.
+
+        Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-01-09  Per Arne Vollan  <pvol...@apple.com>
 
         Map CSS value ID to system color in the UI process

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (254375 => 254376)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-10 23:59:20 UTC (rev 254375)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-11 00:00:10 UTC (rev 254376)
@@ -364,8 +364,7 @@
         (allow-create-directory (literal base-directory))
         (allow file-read* file-write*
             (prefix (string-append base-directory "/awd-" daemon-name ".log")))
-        (allow mach-lookup (with report) (with telemetry)
-               (global-name "com.apple.awdd"))))
+))
 
 (define-once (logd-diagnostic-paths)
     (require-any

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes