Title: [254379] trunk
Revision: 254379
Author: [email protected]
Date: 2020-01-10 16:21:59 -0800 (Fri, 10 Jan 2020)

Log Message

[iOS] Remove used media-related mach services from the WebContent process sandbox
https://bugs.webkit.org/show_bug.cgi?id=206089
<rdar://problem/58489478>

Reviewed by Per Arne Vollan.

After conducting multiple test passes and large-scale living-on testing with telemetry, we have
confirmed that the following XPC services are not used by the media logic in WebKit, and can be
removed:

    com.apple.coremedia.cpeprotector.xpc
    com.apple.coremedia.figcontentkeysession.xpc
    com.apple.coremedia.routingsessionmanager.xpc
    com.apple.coremedia.sts

Source/WebKit:

Test: fast/sandbox/ios/sandbox-mach-lookup.html

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:

* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:

Diff

Modified: trunk/LayoutTests/ChangeLog (254378 => 254379)


--- trunk/LayoutTests/ChangeLog	2020-01-11 00:13:12 UTC (rev 254378)
+++ trunk/LayoutTests/ChangeLog	2020-01-11 00:21:59 UTC (rev 254379)
@@ -1,3 +1,23 @@
+2020-01-10  Brent Fulgham  <[email protected]>
+
+        [iOS] Remove used media-related mach services from the WebContent process sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=206089
+        <rdar://problem/58489478>
+
+        Reviewed by Per Arne Vollan.
+
+        After conducting multiple test passes and large-scale living-on testing with telemetry, we have
+        confirmed that the following XPC services are not used by the media logic in WebKit, and can be
+        removed:
+
+            com.apple.coremedia.cpeprotector.xpc
+            com.apple.coremedia.figcontentkeysession.xpc
+            com.apple.coremedia.routingsessionmanager.xpc
+            com.apple.coremedia.sts
+
+        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/ios/sandbox-mach-lookup.html:
+
 2020-01-10  Antti Koivisto  <[email protected]>
 
         [LFC][Integration] Update style for layout boxes
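Review bot: The title line of the new entry reads "Remove used media-related mach services", while the body states that the four services "are not used by the media logic in WebKit"; the title presumably means "unused" and should say so, since it is also the commit subject people will search for. The two file lines at the end of the entry have nothing after the colon; a few words noting that four shouldBeFalse checks were added would make the entry self-explanatory.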

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (254378 => 254379)


--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-01-11 00:13:12 UTC (rev 254378)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-01-11 00:21:59 UTC (rev 254379)
@@ -8,6 +8,10 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.TextInput") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.awdd") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.coremedia.cpeprotector.xpc") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.coremedia.figcontentkeysession.xpc") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.coremedia.routingsessionmanager.xpc") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.coremedia.sts") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iohideventsystem") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.locationd.registration") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nehelper") is false

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (254378 => 254379)


--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-01-11 00:13:12 UTC (rev 254378)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-01-11 00:21:59 UTC (rev 254379)
@@ -11,6 +11,10 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.TextInput\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.awdd\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.cookied\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.coremedia.cpeprotector.xpc\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.coremedia.figcontentkeysession.xpc\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.coremedia.routingsessionmanager.xpc\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.coremedia.sts\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iohideventsystem\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.locationd.registration\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nehelper\")");
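Review bot: A shouldBeFalse check on a mach-lookup name passes for any string the profile does not allow, a misspelled service name included, so the four added lines only guard this change if each string matches the profile exactly. They do match the four (global-name ...) lines removed from com.apple.WebKit.WebContent.sb in this revision. The lines shown here contain no check for the two names that remain in that rule, com.apple.coremedia.endpoint.xpc and com.apple.coremedia.figcpecryptor; if the test has no positive assertion for them elsewhere, adding one would catch an accidental over-removal in a later cleanup.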

Modified: trunk/Source/WebKit/ChangeLog (254378 => 254379)


--- trunk/Source/WebKit/ChangeLog	2020-01-11 00:13:12 UTC (rev 254378)
+++ trunk/Source/WebKit/ChangeLog	2020-01-11 00:21:59 UTC (rev 254379)
@@ -1,5 +1,26 @@
 2020-01-10  Brent Fulgham  <[email protected]>
 
+        [iOS] Remove used media-related mach services from the WebContent process sandbox
+        https://bugs.webkit.org/show_bug.cgi?id=206089
+        <rdar://problem/58489478>
+
+        Reviewed by Per Arne Vollan.
+
+        After conducting multiple test passes and large-scale living-on testing with telemetry, we have
+        confirmed that the following XPC services are not used by the media logic in WebKit, and can be
+        removed:
+
+            com.apple.coremedia.cpeprotector.xpc
+            com.apple.coremedia.figcontentkeysession.xpc
+            com.apple.coremedia.routingsessionmanager.xpc
+            com.apple.coremedia.sts
+
+        Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
+2020-01-10  Brent Fulgham  <[email protected]>
+
         [iOS] Remove 'com.apple.awdd' from the WebContent process sandbox
         https://bugs.webkit.org/show_bug.cgi?id=206095
         <rdar://problem/56871147>
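Review bot: The file line "* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:" in the new entry is left without a description. Suggest saying which rule was edited, for example that the four global-name entries were dropped from the mach-lookup allow rule that carries (with report) (with telemetry), so a reader of the ChangeLog does not have to open the diff to find where access was tightened. The "Remove used" wording in the title line has the same problem as in the LayoutTests entry.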

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (254378 => 254379)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-11 00:13:12 UTC (rev 254378)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-11 00:21:59 UTC (rev 254379)
@@ -178,12 +178,8 @@
            (global-name "com.apple.coremedia.volumecontroller.xpc"))
 
     (allow mach-lookup (with report) (with telemetry)
-        (global-name "com.apple.coremedia.cpeprotector.xpc")
         (global-name "com.apple.coremedia.endpoint.xpc")
-        (global-name "com.apple.coremedia.figcontentkeysession.xpc")
-        (global-name "com.apple.coremedia.figcpecryptor")
-        (global-name "com.apple.coremedia.routingsessionmanager.xpc")
-        (global-name "com.apple.coremedia.sts"))
+        (global-name "com.apple.coremedia.figcpecryptor"))
 
     (mobile-preferences-read
         "com.apple.avfoundation"
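Review bot: The rule keeps com.apple.coremedia.endpoint.xpc and com.apple.coremedia.figcpecryptor under (with report) (with telemetry), and neither the hunk nor the log message says whether telemetry showed these two in use or whether they are still being measured. A one-line comment above the rule recording that status would tell the next person whether these are candidates for removal. The -/+ pair on the figcpecryptor line only moves the closing parenthesis, which is correct now that it is the last entry in the list.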