Title: [260017] trunk/Source/WebKit
Revision
260017
Author
[email protected]
Date
2020-04-13 09:48:28 -0700 (Mon, 13 Apr 2020)

Log Message

[iOS] Add message filtering to all iokit open rules
https://bugs.webkit.org/show_bug.cgi?id=210352

Reviewed by Sam Weinig.

Apply message filtering with reports and telemetry to all iokit-open rules in the WebContent process' sandbox on iOS
to gain a better understanding of which iokit-open rules we can investigate.

No new tests, since adding telemetry will not introduce a change in behavior.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (260016 => 260017)


--- trunk/Source/WebKit/ChangeLog	2020-04-13 16:43:21 UTC (rev 260016)
+++ trunk/Source/WebKit/ChangeLog	2020-04-13 16:48:28 UTC (rev 260017)
@@ -1,3 +1,17 @@
+2020-04-13  Per Arne Vollan  <[email protected]>
+
+        [iOS] Add message filtering to all iokit open rules
+        https://bugs.webkit.org/show_bug.cgi?id=210352
+
+        Reviewed by Sam Weinig.
+
+        Apply message filtering with reports and telemetry to all iokit-open rules in the WebContent process' sandbox on iOS
+        to gain a better understanding of which iokit-open rules we can investigate.
+
+        No new tests, since adding telemetry will not introduce a change in behavior.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-04-13  Joonghun Park  <[email protected]>
 
         Unreviewed. Remove redundant move in return statement.

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (260016 => 260017)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-04-13 16:43:21 UTC (rev 260016)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-04-13 16:48:28 UTC (rev 260017)
@@ -87,7 +87,16 @@
 
 (define-once (framebuffer-access)
     (allow iokit-open
-           (iokit-user-client-class "IOMobileFramebufferUserClient"))
+        (iokit-user-client-class "IOMobileFramebufferUserClient")
+        (when (defined? 'iokit-external-method)
+            (apply-message-filter
+                (allow (with report) (with telemetry)
+                    iokit-async-external-method
+                    iokit-external-method
+                    iokit-external-trap)
+            )
+        )
+    )
 
     ; IOMobileFramebuffer
     (with-filter (iokit-registry-entry-class "IOMobileFramebuffer")
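Review bot: The filter added to `framebuffer-access` allows all three message operations (`iokit-async-external-method`, `iokit-external-method`, `iokit-external-trap`), so as far as the visible lines show it records use of `IOMobileFramebufferUserClient` without narrowing what the WebContent process may send to it, and nothing in the profile says so. A comment above the `when` would keep a later reader from taking it for a restriction: `;; Telemetry only: all external methods and traps remain allowed; narrow to the observed set once data is in.` The same applies to the identical blocks added for `AppleJPEGDriverUserClient` and `IOSurfaceAcceleratorClient` in the third hunk of this file. The `define-once` body continues past the end of this hunk.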
@@ -222,9 +231,17 @@
     ;; Items with known uses
     (allow iokit-open
         (iokit-connection "IOGPU")
-        (iokit-user-client-class
-            "AGXDeviceUserClient" ;; Used by WebGL
-    ))
+        (iokit-user-client-class "AGXDeviceUserClient") ;; Used by WebGL
+        (when (defined? 'iokit-external-method)
+            (apply-message-filter
+                (allow (with report) (with telemetry)
+                    iokit-async-external-method
+                    iokit-external-trap)
+                (allow (with telemetry)
+                    iokit-external-method)
+            )
+        )
+    )
 
     (allow iokit-get-properties
         (iokit-property "IOGLBundleName")
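Review bot: `iokit-external-method` is allowed with `(with telemetry)` only in this rule, while the other two operations keep `(with report)`, and no comment gives the reason; the same split appears in the `IOSurfaceRootUserClient` rule further down. If reporting was dropped because this client is called often enough to flood the reports, that is worth recording, e.g. `;; iokit-external-method: telemetry only, reports would be too noisy for this client` (wording for the author to confirm). Without it, the difference from the `IOMobileFramebufferUserClient` rule reads like an oversight. The rule also carries two filters, `(iokit-connection "IOGPU")` and the user-client class, and the hunk does not say whether the message filter is meant to cover both. The enclosing form starts above the hunk.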
@@ -361,11 +378,42 @@
         (iokit-user-client-class "IOSurfaceSendRight")
     )
 
+    (allow iokit-open
+        (iokit-user-client-class "AppleJPEGDriverUserClient")
+        (when (defined? 'iokit-external-method)
+            (apply-message-filter
+                (allow (with report) (with telemetry)
+                    iokit-async-external-method
+                    iokit-external-method
+                    iokit-external-trap)
+            )
+        )
+    )
+
     ; WebKit-required IOKit classes
     (allow iokit-open
-        (iokit-user-client-class "AppleJPEGDriverUserClient")
         (iokit-user-client-class "IOSurfaceAcceleratorClient") ;; Media rendering into pixel buffers
+        (when (defined? 'iokit-external-method)
+            (apply-message-filter
+                (allow (with report) (with telemetry)
+                    iokit-async-external-method
+                    iokit-external-method
+                    iokit-external-trap)
+            )
+        )
+    )
+
+    (allow iokit-open
         (iokit-user-client-class "IOSurfaceRootUserClient") ;; Needed by Tiled Grid code.
+        (when (defined? 'iokit-external-method)
+            (apply-message-filter
+                (allow (with report) (with telemetry)
+                    iokit-async-external-method
+                    iokit-external-trap)
+                (allow (with telemetry)
+                    iokit-external-method)
+            )
+        )
     )
 
     ;; Silence sandbox violations from apps trying to create the empty plist if it doesn't exist.
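Review bot: The comment `; WebKit-required IOKit classes` now sits above the `IOSurfaceAcceleratorClient` rule only, because `AppleJPEGDriverUserClient` moved into its own rule above it and `IOSurfaceRootUserClient` into one below; moving the comment above the new `AppleJPEGDriverUserClient` rule would keep it describing all three. Separately, the last hunk deletes the unscoped `(allow iokit-open (apply-message-filter ...))` at the end of the profile, so any `iokit-open` rule not touched by this diff would no longer get report/telemetry. The hunks show five filtered rules, and the rule closing at the top of this hunk (`IOSurfaceSendRight`) is only partly visible, so it is worth confirming against the full profile that none was missed. The enclosing form starts and ends outside this hunk.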
@@ -1163,14 +1211,3 @@
         )
     )
 )
-
-(when (defined? 'iokit-external-method)
-    (allow iokit-open
-        (apply-message-filter (with report) (with telemetry)
-            (allow
-             iokit-external-method
-             iokit-async-external-method
-             iokit-external-trap)
-        )
-    )
-)