[webkit-changes] [256450] trunk

[pvollan]

Title: [256450] trunk

Revision

256450

Author

pvol...@apple.com

Date

2020-02-12 10:40:04 -0800 (Wed, 12 Feb 2020)

Log Message

[iOS] Deny mach lookup access to view service in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=207487
Source/WebKit:

<rdar://problem/56995704>
        
Reviewed by Darin Adler.

As part of sandbox hardening, mach lookup access to com.apple.uikit.viewservice should be denied.

Test: fast/sandbox/ios/sandbox-mach-lookup.html

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:


Reviewed by Darin Adler.

* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt
• trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html
• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

Diff

Modified: trunk/LayoutTests/ChangeLog (256449 => 256450)

--- trunk/LayoutTests/ChangeLog	2020-02-12 18:36:05 UTC (rev 256449)
+++ trunk/LayoutTests/ChangeLog	2020-02-12 18:40:04 UTC (rev 256450)
@@ -1,3 +1,13 @@
+2020-02-12  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Deny mach lookup access to view service in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=207487
+
+        Reviewed by Darin Adler.
+
+        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/ios/sandbox-mach-lookup.html:
+
 2020-02-12  Jacob Uphoff  <jacob_uph...@apple.com>
 
         [ iOS ] http/tests/security/cross-frame-access-private-browsing.html is a flay timeout

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (256449 => 256450)

--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-02-12 18:36:05 UTC (rev 256449)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt	2020-02-12 18:40:04 UTC (rev 256450)
@@ -18,3 +18,4 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.system.logger") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.aggregated") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.tccd") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.uikit.viewservice") is false

Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (256449 => 256450)

--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-02-12 18:36:05 UTC (rev 256449)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html	2020-02-12 18:40:04 UTC (rev 256450)
@@ -21,6 +21,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.system.logger\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.aggregated\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.tccd\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.uikit.viewservice\")");
 }
 </script>
 </head>

Modified: trunk/Source/WebKit/ChangeLog (256449 => 256450)

--- trunk/Source/WebKit/ChangeLog	2020-02-12 18:36:05 UTC (rev 256449)
+++ trunk/Source/WebKit/ChangeLog	2020-02-12 18:40:04 UTC (rev 256450)
@@ -1,3 +1,17 @@
+2020-02-12  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Deny mach lookup access to view service in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=207487
+        <rdar://problem/56995704>
+        
+        Reviewed by Darin Adler.
+
+        As part of sandbox hardening, mach lookup access to com.apple.uikit.viewservice should be denied.
+
+        Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-02-12  Alex Christensen  <achristen...@webkit.org>
 
         Make _WKResourceLoadDelegate.h able to be included before other headers

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (256449 => 256450)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-02-12 18:36:05 UTC (rev 256449)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-02-12 18:40:04 UTC (rev 256450)
@@ -422,10 +422,6 @@
     (allow mach-lookup
         (global-name "com.apple.CARenderServer"))
 
-    (allow mach-lookup (with report) (with telemetry)
-        (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")
-    )
-
     ; UIKit-required IOKit nodes.
     (allow iokit-open  (with report) (with telemetry)
         (iokit-user-client-class "AppleJPEGDriverUserClient")

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes