Title: [258736] trunk
Revision: 258736
Author: bfulg...@apple.com
Date: 2020-03-19 15:44:56 -0700 (Thu, 19 Mar 2020)
Log Message
Remove Mobile Asset access from the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=209302
<rdar://problem/56305023>
Reviewed by Per Arne Vollan.
Source/WebKit:
Tested by fast/sandbox/ios/sandbox-mach-lookup.html
* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
LayoutTests:
* fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
* fast/sandbox/ios/sandbox-mach-lookup.html:
Diff
Modified: trunk/LayoutTests/ChangeLog (258735 => 258736)
--- trunk/LayoutTests/ChangeLog 2020-03-19 22:27:06 UTC (rev 258735)
+++ trunk/LayoutTests/ChangeLog 2020-03-19 22:44:56 UTC (rev 258736)
@@ -1,3 +1,14 @@
+2020-03-19 Brent Fulgham <bfulg...@apple.com>
+
+ Remove Mobile Asset access from the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=209302
+ <rdar://problem/56305023>
+
+ Reviewed by Per Arne Vollan.
+
+ * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+ * fast/sandbox/ios/sandbox-mach-lookup.html:
+
2020-03-19 Per Arne Vollan <pvol...@apple.com>
[iOS] Deny mach lookup access to power service
Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (258735 => 258736)
--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt 2020-03-19 22:27:06 UTC (rev 258735)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt 2020-03-19 22:44:56 UTC (rev 258736)
@@ -22,3 +22,5 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.analyticsd") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.distributed_notifications@1v3") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.PowerManagement.control") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.mobileassetd") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.mobileassetd.v2") is false
Modified: trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (258735 => 258736)
--- trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html 2020-03-19 22:27:06 UTC (rev 258735)
+++ trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html 2020-03-19 22:44:56 UTC (rev 258736)
@@ -25,6 +25,8 @@
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.analyticsd\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.distributed_notifications@1v3\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.PowerManagement.control\")");
+ shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.mobileassetd\")");
+ shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.mobileassetd.v2\")");
}
</script>
</head>
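Review bot: the two added shouldBeFalse checks query only com.apple.WebKit.WebContent, but this revision also removes the same mach-lookup allow from com.apple.WebKit.GPU.sb, and nothing here exercises that profile. If internals.hasSandboxMachLookupAccessToGlobalName can be pointed at the GPU process, add matching checks for com.apple.mobileassetd and com.apple.mobileassetd.v2 against it; if it cannot, say in the ChangeLog that the GPU profile change is not covered by this test.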
Modified: trunk/Source/WebKit/ChangeLog (258735 => 258736)
--- trunk/Source/WebKit/ChangeLog 2020-03-19 22:27:06 UTC (rev 258735)
+++ trunk/Source/WebKit/ChangeLog 2020-03-19 22:44:56 UTC (rev 258736)
@@ -1,3 +1,16 @@
+2020-03-19 Brent Fulgham <bfulg...@apple.com>
+
+ Remove Mobile Asset access from the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=209302
+ <rdar://problem/56305023>
+
+ Reviewed by Per Arne Vollan.
+
+ Tested by fast/sandbox/ios/sandbox-mach-lookup.html
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
2020-03-19 Alex Christensen <achristen...@webkit.org>
Remove unused WebProcessPool::didGetStatistics
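Review bot: the two file entries that close this ChangeLog entry have no description, and the two profiles are not changed the same way. Please state per file that GPU.sb only drops the mach-lookup allow, while WebContent.sb drops the allow and adds a temporary deny with telemetry-backtrace. The title names only the WebContent process, so the entry should also mention that the GPU process profile is affected.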
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (258735 => 258736)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2020-03-19 22:27:06 UTC (rev 258735)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2020-03-19 22:44:56 UTC (rev 258736)
@@ -102,8 +102,6 @@
(allow file-read* asset-access-filter)
(if (memq 'with-media-playback options)
(play-media asset-access-filter))
- (allow mach-lookup (with report) (with telemetry)
- (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2"))
(mobile-preferences-read "com.apple.MobileAsset")))
(define-once (play-audio)
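Review bot: in asset-access the allow that carried (with report) (with telemetry) is removed with nothing put in its place, whereas WebContent.sb in this same revision gains a deny mach-lookup (with telemetry-backtrace) rule for the same two global names. As written, nothing in this profile would record a remaining lookup of com.apple.mobileassetd or com.apple.mobileassetd.v2 from the GPU process. Either add the same temporary deny rule here, or note why the GPU process does not need the confirmation step that the FIXME in WebContent.sb describes.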
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (258735 => 258736)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-03-19 22:27:06 UTC (rev 258735)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-03-19 22:44:56 UTC (rev 258736)
@@ -115,8 +115,6 @@
(allow file-read* asset-access-filter)
(if (memq 'with-media-playback options)
(play-media asset-access-filter))
- (allow mach-lookup (with telemetry-backtrace)
- (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2"))
(mobile-preferences-read "com.apple.MobileAsset")))
(define-once (play-media . filters)
@@ -637,6 +635,10 @@
;; Permit reading assets via MobileAsset framework.
(asset-access 'with-media-playback)
+;; FIXME(209309): Remove this telemetry once we have confirmed there are no more lookups.
+(deny mach-lookup (with telemetry-backtrace)
+ (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2"))
+
;; allow 3rd party applications to access nsurlstoraged's top level domain data cache
(allow-well-known-system-group-container-literal-read
"/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")