[webkit-changes] [256473] trunk/Source/WebKit

Wed, 12 Feb 2020 13:50:11 -0800

Title: [256473] trunk/Source/WebKit
Revision
256473
Author
bfulg...@apple.com
Date
2020-02-12 13:49:12 -0800 (Wed, 12 Feb 2020)

Log Message

[iOS] Remove access to AppleKeyStoreUserClient from the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=207654
<rdar://problem/58804060>

Reviewed by Per Arne Vollan.

Testing and telemetry show that we no longer need access to the AppleKeyStoreUserClient
IOKit class in the WebContent or GPU processes. We should remove this access.

* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (256472 => 256473)


--- trunk/Source/WebKit/ChangeLog	2020-02-12 21:48:26 UTC (rev 256472)
+++ trunk/Source/WebKit/ChangeLog	2020-02-12 21:49:12 UTC (rev 256473)
@@ -1,3 +1,17 @@
+2020-02-12  Brent Fulgham  <bfulg...@apple.com>
+
+        [iOS] Remove access to AppleKeyStoreUserClient from the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=207654
+        <rdar://problem/58804060>
+
+        Reviewed by Per Arne Vollan.
+
+        Testing and telemetry show that we no longer need access to the AppleKeyStoreUserClient
+        IOKit class in the WebContent or GPU processes. We should remove this access.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-02-12  Said Abou-Hallawa  <s...@apple.com>
 
         REGRESSION (r255158): http/tests/frame-throttling/raf-throttle-in-cross-origin-subframe.html is a flaky failure

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (256472 => 256473)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2020-02-12 21:48:26 UTC (rev 256472)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2020-02-12 21:49:12 UTC (rev 256473)
@@ -106,10 +106,6 @@
                (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2"))
         (mobile-preferences-read "com.apple.MobileAsset")))
 
-(define-once (mobile-keybag-access)
-     (allow iokit-open
-            (iokit-user-client-class "AppleKeyStoreUserClient")))
-
 (define-once (play-audio)
     (allow mach-lookup
            (global-name "com.apple.audio.AURemoteIOServer"))
@@ -762,9 +758,6 @@
 
 (framebuffer-access)
 
-;; <rdar://problem/7822790>
-(mobile-keybag-access)
-
 ; <rdar://problem/7595408> , <rdar://problem/7643881>
 (opengl)

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (256472 => 256473)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-02-12 21:48:26 UTC (rev 256472)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-02-12 21:49:12 UTC (rev 256473)
@@ -119,11 +119,6 @@
                (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2"))
         (mobile-preferences-read "com.apple.MobileAsset")))
 
-(define-once (mobile-keybag-access)
-    (allow iokit-open (with telemetry)
-        (iokit-user-client-class "AppleKeyStoreUserClient")  ;; Needed by NSURLCache
-))
-
 (define-once (play-audio)
     (allow mach-lookup
            (global-name "com.apple.audio.AURemoteIOServer"))
@@ -763,9 +758,6 @@
 
 (framebuffer-access)
 
-;; <rdar://problem/7822790>
-(mobile-keybag-access)
-
 ; <rdar://problem/7595408> , <rdar://problem/7643881>
 (opengl)
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to