Title: [256450] trunk
Revision: 256450
Author: pvol...@apple.com
Date: 2020-02-12 10:40:04 -0800 (Wed, 12 Feb 2020)
Log Message
[iOS] Deny mach lookup access to view service in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=207487
Source/WebKit:
<rdar://problem/56995704>
Reviewed by Darin Adler.
As part of sandbox hardening, mach lookup access to com.apple.uikit.viewservice should be denied.
Test: fast/sandbox/ios/sandbox-mach-lookup.html
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
LayoutTests:
Reviewed by Darin Adler.
* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:
Diff
Modified: trunk/LayoutTests/ChangeLog (256449 => 256450)
--- trunk/LayoutTests/ChangeLog 2020-02-12 18:36:05 UTC (rev 256449)
+++ trunk/LayoutTests/ChangeLog 2020-02-12 18:40:04 UTC (rev 256450)
@@ -1,3 +1,13 @@
+2020-02-12 Per Arne Vollan <pvol...@apple.com>
+
+ [iOS] Deny mach lookup access to view service in the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=207487
+
+ Reviewed by Darin Adler.
+
+ * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+ * fast/sandbox/ios/sandbox-mach-lookup.html:
+
2020-02-12 Jacob Uphoff <jacob_uph...@apple.com>
[ iOS ] http/tests/security/cross-frame-access-private-browsing.html is a flay timeout
Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (256449 => 256450)
--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt 2020-02-12 18:36:05 UTC (rev 256449)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt 2020-02-12 18:40:04 UTC (rev 256450)
@@ -18,3 +18,4 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.system.logger") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.aggregated") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.tccd") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.uikit.viewservice") is false
Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (256449 => 256450)
--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html 2020-02-12 18:36:05 UTC (rev 256449)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html 2020-02-12 18:40:04 UTC (rev 256450)
@@ -21,6 +21,7 @@
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.system.logger\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.aggregated\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.tccd\")");
+ shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.uikit.viewservice\")");
}
</script>
</head>
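Review bot: The added shouldBeFalse assertion checks the bare name "com.apple.uikit.viewservice", but the rule this revision removes from com.apple.WebKit.WebContent.sb is `(global-name-regex #"^com\.apple\.uikit\.viewservice\..+")`, which requires a dot and at least one more character after "viewservice". The bare name never matched that regex, so as far as the removed rule is concerned this check would already have been false before the change and does not exercise the removal. Suggest also asserting on a name with a suffix under that prefix (a placeholder such as "com.apple.uikit.viewservice.test"), and mirroring it in sandbox-mach-lookup-expected.txt, so the test fails if the allow rule is reintroduced.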
Modified: trunk/Source/WebKit/ChangeLog (256449 => 256450)
--- trunk/Source/WebKit/ChangeLog 2020-02-12 18:36:05 UTC (rev 256449)
+++ trunk/Source/WebKit/ChangeLog 2020-02-12 18:40:04 UTC (rev 256450)
@@ -1,3 +1,17 @@
+2020-02-12 Per Arne Vollan <pvol...@apple.com>
+
+ [iOS] Deny mach lookup access to view service in the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=207487
+ <rdar://problem/56995704>
+
+ Reviewed by Darin Adler.
+
+ As part of sandbox hardening, mach lookup access to com.apple.uikit.viewservice should be denied.
+
+ Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
2020-02-12 Alex Christensen <achristen...@webkit.org>
Make _WKResourceLoadDelegate.h able to be included before other headers
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (256449 => 256450)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-02-12 18:36:05 UTC (rev 256449)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-02-12 18:40:04 UTC (rev 256450)
@@ -422,10 +422,6 @@
(allow mach-lookup
(global-name "com.apple.CARenderServer"))
- (allow mach-lookup (with report) (with telemetry)
- (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")
- )
-
; UIKit-required IOKit nodes.
(allow iokit-open (with report) (with telemetry)
(iokit-user-client-class "AppleJPEGDriverUserClient")
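Review bot: The removed allow rule was tagged `(with report) (with telemetry)`, but the ChangeLog entry does not say what that reporting showed. Suggest recording in Source/WebKit/ChangeLog whether any lookups matching `^com\.apple\.uikit\.viewservice\..+` were observed from the WebContent process, so the removal can be audited later. The hunk also adds no explicit deny rule, so the denial depends on no other rule in the profile matching these names; worth confirming there is none outside the lines shown here.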