[webkit-changes] [255374] branches/safari-610.1.1-branch/Source/WebKit

[repstein]

Title: [255374] branches/safari-610.1.1-branch/Source/WebKit

Revision

255374

Author

repst...@apple.com

Date

2020-01-29 11:39:41 -0800 (Wed, 29 Jan 2020)

Log Message

Cherry-pick r254993. rdar://problem/58778970

    [iOS] Unreviewed follow-up sandbox fix.
    https://bugs.webkit.org/show_bug.cgi?id=206562
    <rdar://problem/58778970>

    I missed a couple of rules that are being overly chatty in the logs in r254982.
    This adds appropriate commands to silence them.

    * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
    * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254993 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

• branches/safari-610.1.1-branch/Source/WebKit/ChangeLog
• branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
• branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

Diff

Modified: branches/safari-610.1.1-branch/Source/WebKit/ChangeLog (255373 => 255374)

--- branches/safari-610.1.1-branch/Source/WebKit/ChangeLog	2020-01-29 19:39:36 UTC (rev 255373)
+++ branches/safari-610.1.1-branch/Source/WebKit/ChangeLog	2020-01-29 19:39:41 UTC (rev 255374)
@@ -1,5 +1,33 @@
 2020-01-29  Russell Epstein  <repst...@apple.com>
 
+        Cherry-pick r254993. rdar://problem/58778970
+
+    [iOS] Unreviewed follow-up sandbox fix.
+    https://bugs.webkit.org/show_bug.cgi?id=206562
+    <rdar://problem/58778970>
+    
+    I missed a couple of rules that are being overly chatty in the logs in r254982.
+    This adds appropriate commands to silence them.
+    
+    * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+    * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254993 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-01-23  Brent Fulgham  <bfulg...@apple.com>
+
+            [iOS] Unreviewed follow-up sandbox fix.
+            https://bugs.webkit.org/show_bug.cgi?id=206562
+            <rdar://problem/58778970>
+
+            I missed a couple of rules that are being overly chatty in the logs in r254982.
+            This adds appropriate commands to silence them.
+
+            * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+            * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
+2020-01-29  Russell Epstein  <repst...@apple.com>
+
         Cherry-pick r254982. rdar://problem/58778970
 
     Stop capturing telemetry for well-understood sandbox rules (206562)

Modified: branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (255373 => 255374)

--- branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2020-01-29 19:39:36 UTC (rev 255373)
+++ branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2020-01-29 19:39:41 UTC (rev 255374)
@@ -418,9 +418,14 @@
     (global-name "com.apple.logd.events"))
 
 (allow mach-lookup (with report) (with telemetry)
-    (global-name "com.apple.cfprefsd.daemon")
     (global-name "com.apple.cfprefsd.agent")
-    (local-name "com.apple.cfprefsd.agent"))
+    (local-name "com.apple.cfprefsd.agent")
+)
+
+(allow mach-lookup (with telemetry)
+    (global-name "com.apple.cfprefsd.daemon") ;; Needed by _CFPreferencesGetAppBooleanValueWithContainer and others.
+)
+
 (allow ipc-posix-shm-read*
     (ipc-posix-name-prefix "apple.cfprefs."))
 
@@ -480,7 +485,6 @@
     (sysctl-name "kern.ostype")
     (sysctl-name "kern.osversion")
     (sysctl-name "kern.saved_ids")
-    (sysctl-name "kern.secure_kernel")
     (sysctl-name "kern.usrstack")
     (sysctl-name "kern.usrstack64")
     (sysctl-name "kern.version")
@@ -505,8 +509,8 @@
 
 (allow mach-lookup (with report) (with telemetry)
     (global-name "com.apple.system.notification_center"))
-(allow ipc-posix-shm-read*  (with report) (with telemetry)
-    (ipc-posix-name "apple.shm.notification_center"))
+(allow ipc-posix-shm-read* (with telemetry)
+    (ipc-posix-name "apple.shm.notification_center")) ;; Needed by os_log_create
 
 (allow mach-lookup (with report) (with telemetry)
     (global-name "com.apple.distributed_notifications@1v3"))
@@ -562,6 +566,7 @@
         "kern.memorystatus_level"
         "kern.osproductversion" ;; Needed by CFNetwork (HSTS store and others)
         "kern.osvariant_status" ;; Needed for bundle loading
+        "kern.secure_kernel" ;; Needed by XPC bundle resolution
         "kern.tcsm_available" ;; Needed for IndexedDB support
         "vm.footprint_suspend"))
 

Modified: branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (255373 => 255374)

--- branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-29 19:39:36 UTC (rev 255373)
+++ branches/safari-610.1.1-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-29 19:39:41 UTC (rev 255374)
@@ -843,7 +843,7 @@
         "kern.osproductversion"
         "kern.osrelease"
         "kern.osvariant_status"
-        "kern.secure_kernel"
+        "kern.secure_kernel" ;; Needed by XPC bundle resolution
         "kern.version"
         "vm.footprint_suspend"))
 
@@ -859,6 +859,7 @@
     (iokit-property "IOClassNameOverride")
     (iokit-property "IOPlatformUUID")
     (iokit-property "IOSurfaceAcceleratorCapabilitiesDict")
+    (iokit-property "LGHSupported")
     (iokit-property "Protocol Characteristics")
     (iokit-property "als-colorCfg") ;; <rdar://problem/52903475>
     (iokit-property "artwork-device-idiom") ;; <rdar://problem/49497720>

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes