Title: [256371] trunk
Revision
256371
Author
pvol...@apple.com
Date
2020-02-11 14:22:23 -0800 (Tue, 11 Feb 2020)

Log Message

[iOS] Deny mach lookup access to the tccd service in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=207488

Reviewed by Darin Adler.

Source/WebKit:

As part of sandbox hardening, deny mach lookup access to the tccd service.

Test: fast/sandbox/ios/sandbox-mach-lookup.html

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:

* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (256370 => 256371)


--- trunk/LayoutTests/ChangeLog	2020-02-11 22:13:15 UTC (rev 256370)
+++ trunk/LayoutTests/ChangeLog	2020-02-11 22:22:23 UTC (rev 256371)
@@ -1,3 +1,13 @@
+2020-02-11  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Deny mach lookup access to the tccd service in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=207488
+
+        Reviewed by Darin Adler.
+
+        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/ios/sandbox-mach-lookup.html:
+
 2020-02-11  Jason Lawrence  <lawrenc...@apple.com>
 
         [ iOS wk2 ] http/wpt/beacon/cors/crossorigin-arraybufferview-no-preflight.html is flaky failing.

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (256370 => 256371)


--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-02-11 22:13:15 UTC (rev 256370)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-02-11 22:22:23 UTC (rev 256371)
@@ -17,4 +17,4 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.powerlog.plxpclogger.xpc") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.system.logger") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.aggregated") is false
-
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.tccd") is false

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (256370 => 256371)


--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-02-11 22:13:15 UTC (rev 256370)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-02-11 22:22:23 UTC (rev 256371)
@@ -20,6 +20,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.powerlog.plxpclogger.xpc\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.system.logger\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.aggregated\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.tccd\")");
 }
 </script>
 </head>

Modified: trunk/Source/WebKit/ChangeLog (256370 => 256371)


--- trunk/Source/WebKit/ChangeLog	2020-02-11 22:13:15 UTC (rev 256370)
+++ trunk/Source/WebKit/ChangeLog	2020-02-11 22:22:23 UTC (rev 256371)
@@ -1,3 +1,16 @@
+2020-02-11  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Deny mach lookup access to the tccd service in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=207488
+
+        Reviewed by Darin Adler.
+
+        As part of sandbox hardening, deny mach lookup access to the tccd service.
+
+        Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-02-11  Eric Carlson  <eric.carl...@apple.com>
 
         Support in-band VTT captions when loading media in the GPU Process

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (256370 => 256371)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-02-11 22:13:15 UTC (rev 256370)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-02-11 22:22:23 UTC (rev 256371)
@@ -605,8 +605,7 @@
     (global-name "com.apple.cfprefsd.daemon"))
 
 (allow mach-lookup (with report) (with telemetry)
-    (global-name "com.apple.distributed_notifications@1v3")
-    (global-name "com.apple.tccd"))
+    (global-name "com.apple.distributed_notifications@1v3"))
 
 (allow ipc-posix-shm-read*
        (ipc-posix-name-prefix "apple.cfprefs."))
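Review bot: the rewrite of the `allow mach-lookup (with report) (with telemetry)` rule is syntactically sound (the closing paren moves to the `distributed_notifications@1v3` entry and `com.apple.tccd` is dropped), but confirm before landing that no WebContent code path still performs a mach lookup of `com.apple.tccd`; once the name is gone from this rule such lookups will no longer be matched and reported by it, and the accompanying layout test only asserts that the lookup is denied, not that no feature in the process depends on it.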
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes