Title: [255373] branches/safari-610.1.1-branch/Source/WebKit
Revision
255373
Author
repst...@apple.com
Date
2020-01-29 11:39:36 -0800 (Wed, 29 Jan 2020)

Log Message

Cherry-pick r254982. rdar://problem/58778970

    Stop capturing telemetry for well-understood sandbox rules (206562)
    https://bugs.webkit.org/show_bug.cgi?id=206562
    <rdar://problem/58778970>

    Reviewed by Per Arne Vollan.

    Remove logging of sandbox rules that are now understood, and either confirmed to be needed for proper WebKit operation
    or identified for removal through a future update.

    No new tests. No change in behavior.

    * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
    * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
    * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254982 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-610.1.1-branch/Source/WebKit/ChangeLog (255372 => 255373)


--- branches/safari-610.1.1-branch/Source/WebKit/ChangeLog	2020-01-29 19:36:27 UTC (rev 255372)
+++ branches/safari-610.1.1-branch/Source/WebKit/ChangeLog	2020-01-29 19:39:36 UTC (rev 255373)
@@ -1,3 +1,42 @@
+2020-01-29  Russell Epstein  <repst...@apple.com>
+
+        Cherry-pick r254982. rdar://problem/58778970
+
+    Stop capturing telemetry for well-understood sandbox rules (206562)
+    https://bugs.webkit.org/show_bug.cgi?id=206562
+    <rdar://problem/58778970>
+    
+    Reviewed by Per Arne Vollan.
+    
+    Remove logging of sandbox rules that are now understood, and either confirmed to be needed for proper WebKit operation
+    or identified for removal through a future update.
+    
+    No new tests. No change in behavior.
+    
+    * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+    * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+    * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254982 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-01-23  Brent Fulgham  <bfulg...@apple.com>
+
+            Stop capturing telemetry for well-understood sandbox rules (206562)
+            https://bugs.webkit.org/show_bug.cgi?id=206562
+            <rdar://problem/58778970>
+
+            Reviewed by Per Arne Vollan.
+
+            Remove logging of sandbox rules that are now understood, and either confirmed to be needed for proper WebKit operation
+            or identified for removal through a future update.
+
+            No new tests. No change in behavior.
+
+            * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+            * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+            * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-01-28  Russell Epstein  <repst...@apple.com>
 
         Cherry-pick r255132. rdar://problem/58871371

Modified: branches/safari-610.1.1-branch/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (255372 => 255373)


--- branches/safari-610.1.1-branch/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in	2020-01-29 19:36:27 UTC (rev 255372)
+++ branches/safari-610.1.1-branch/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in	2020-01-29 19:39:36 UTC (rev 255373)
@@ -174,9 +174,10 @@
     (sysctl-name
         "hw.availcpu"
         "hw.ncpu"
-        "hw.model"
+        "hw.model" ;; Needed for bundle loading
         "kern.maxfilesperproc"
         "kern.memorystatus_level"
+        "kern.osproductversion" ;; Needed by CFNetwork (HSTS store and others)
         "kern.tcsm_available" ;; Needed for IndexedDB support.
         "vm.footprint_suspend")
     (sysctl-name-regex #"^net.routetable")
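Review bot: `kern.osproductversion` is added to the unconditional `sysctl-name` allow list here, but this file's diff shows no matching removal from a reporting or telemetry rule. In the iOS Networking profile the same name is visibly moved out of the `(with report) (with telemetry)` block, so there the change is logging-only. If the macOS profile did not already permit this read somewhere outside the hunk, this is a new grant, which would not fit the log message's "No change in behavior". Please confirm against the rest of the profile and record the answer in the comment, e.g. `"kern.osproductversion" ;; Needed by CFNetwork (HSTS store and others); previously allowed by <existing rule>`.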

Modified: branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (255372 => 255373)


--- branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2020-01-29 19:36:27 UTC (rev 255372)
+++ branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2020-01-29 19:39:36 UTC (rev 255373)
@@ -237,8 +237,9 @@
     (allow user-preference-read (apply preference-domain domains)))
 
 (define-once (mobile-keybag-access)
-     (allow iokit-open (with report) (with telemetry)
-            (iokit-user-client-class "AppleKeyStoreUserClient")))
+    (allow iokit-open (with telemetry)
+        (iokit-user-client-class "AppleKeyStoreUserClient") ;; Needed by NSURLCache
+))
 
 (define-once (debugging-support)
         ;; <rdar://problem/8379706>
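Review bot: The rewritten `mobile-keybag-access` rule drops only `(with report)` and keeps `(with telemetry)`, even though the new comment marks the `AppleKeyStoreUserClient` open as understood (needed by NSURLCache). That sits oddly with a commit titled as stopping telemetry for well-understood rules, and the identical hunk in com.apple.WebKit.WebContent.sb has the same issue. If telemetry is kept on purpose because access to the keybag user client is worth continued monitoring, say so in the comment, e.g. `;; Needed by NSURLCache; telemetry kept intentionally`. Otherwise remove the modifier so the rule begins `(allow iokit-open`. As a style point, the closing `))` on a line of its own departs from the trailing-paren layout of the neighbouring `define-once` forms.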
@@ -432,7 +433,6 @@
     (require-entitlement "com.apple.private.kernel.override-cpumon"))
 
 (allow sysctl-read (with report) (with telemetry)
-    (sysctl-name "hw.activecpu")
     (sysctl-name "hw.busfrequency")
     (sysctl-name "hw.busfrequency_compat")
     (sysctl-name "hw.byteorder")
@@ -457,10 +457,8 @@
     (sysctl-name "hw.l3settings")
     (sysctl-name "hw.logicalcpu")
     (sysctl-name "hw.logicalcpu_max")
-    (sysctl-name "hw.machine")
     (sysctl-name "hw.memsize")
     (sysctl-name "hw.pagesize")
-    (sysctl-name "hw.pagesize_compat")
     (sysctl-name "hw.physicalcpu")
     (sysctl-name "hw.physicalcpu_max")
     (sysctl-name "hw.physmem")
@@ -468,7 +466,6 @@
     (sysctl-name "hw.tbfrequency_compat")
     (sysctl-name "hw.usermem")
     (sysctl-name "hw.vectorunit")
-    (sysctl-name "kern.bootargs")
     (sysctl-name "kern.boottime")
     (sysctl-name "kern.clockrate")
     (sysctl-name "kern.development")
@@ -479,10 +476,8 @@
     (sysctl-name-prefix "kern.monotonicclock")
     (sysctl-name "kern.monotoniclock_offset_usecs")
     (sysctl-name "kern.ngroups")
-    (sysctl-name "kern.osproductversion")
     (sysctl-name "kern.osrelease")
     (sysctl-name "kern.ostype")
-    (sysctl-name "kern.osvariant_status")
     (sysctl-name "kern.osversion")
     (sysctl-name "kern.saved_ids")
     (sysctl-name "kern.secure_kernel")
@@ -556,12 +551,18 @@
 (deny sysctl*)
 (allow sysctl-read
     (sysctl-name
+        "hw.activecpu" ;; Needed by JSC engine.
         "hw.availcpu"
         "hw.ncpu"
-        "hw.model"
+        "hw.machine" ;; Needed by CFNetwork (CFURLProtocols)
+        "hw.model" ;; Needed for bundle loading
+        "hw.pagesize_compat" ;; Needed by bmalloc
+        "kern.bootargs"  ;; Needed for bundle loading
         "kern.maxfilesperproc"
         "kern.memorystatus_level"
-        "kern.tcsm_available" ;; Needed for IndexedDB support.
+        "kern.osproductversion" ;; Needed by CFNetwork (HSTS store and others)
+        "kern.osvariant_status" ;; Needed for bundle loading
+        "kern.tcsm_available" ;; Needed for IndexedDB support
         "vm.footprint_suspend"))
 
 ;; Access to client's cache folder & re-vending to CFNetwork.
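Review bot: The six names moved into this silent allow list carry "Needed by/for" comments, but none is marked as slated for removal, although the log message says some rules were "identified for removal through a future update". Once the `(with report) (with telemetry)` coverage is gone, nothing in the profile records which grants are temporary. That matters most for `kern.bootargs` and `kern.osvariant_status`, which expose boot and OS-variant configuration to a process that parses network data. I would tag any entry in that category, e.g. `"kern.bootargs" ;; Needed for bundle loading; remove once <tracking bug> lands`. As a smaller style point, the new comments mix trailing periods (`Needed by JSC engine.`) with none, and the `kern.bootargs` line has two spaces before `;;`.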

Modified: branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (255372 => 255373)


--- branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-29 19:36:27 UTC (rev 255372)
+++ branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-29 19:39:36 UTC (rev 255373)
@@ -121,8 +121,9 @@
         (mobile-preferences-read "com.apple.MobileAsset")))
 
 (define-once (mobile-keybag-access)
-     (allow iokit-open (with report) (with telemetry)
-            (iokit-user-client-class "AppleKeyStoreUserClient")))
+    (allow iokit-open (with telemetry)
+        (iokit-user-client-class "AppleKeyStoreUserClient")  ;; Needed by NSURLCache
+))
 
 (define-once (location-services)
     (allow-carrier-bundle) ;; <rdar://problem/21192365>
@@ -821,7 +822,7 @@
 (deny sysctl*)
 (allow sysctl-read
     (sysctl-name
-        "hw.activecpu"
+        "hw.activecpu" ;; Needed by JSC engine.
         "hw.availcpu"
         "hw.cachelinesize"
         "hw.cpufamily" ;; <rdar://problem/58416475>