Skip to site navigation (Press enter)

[webkit-changes] [260221] trunk/Source/WebKit

bfulgham Thu, 16 Apr 2020 13:55:22 -0700

Title: [260221] trunk/Source/WebKit

Revision: 260221
Author: [email protected]
Date: 2020-04-16 13:54:30 -0700 (Thu, 16 Apr 2020)

Log Message

[macOS] Switch unused IOKit classes from allow-with-report to deny-with-report
https://bugs.webkit.org/show_bug.cgi?id=210136
<rdar://problem/61403216>


Reviewed by Per Arne Vollan.

After tracking telemetry for several weeks, we can now safely switch the default state
of a number of IOKit classes from 'allow with telemetry' to 'deny with telemetry'.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

Diff

Modified: trunk/Source/WebKit/ChangeLog (260220 => 260221)


--- trunk/Source/WebKit/ChangeLog	2020-04-16 20:42:16 UTC (rev 260220)
+++ trunk/Source/WebKit/ChangeLog	2020-04-16 20:54:30 UTC (rev 260221)
@@ -1,3 +1,16 @@
+2020-04-16  Brent Fulgham  <[email protected]>
+
+        [macOS] Switch unused IOKit classes from allow-with-report to deny-with-report
+        https://bugs.webkit.org/show_bug.cgi?id=210136
+        <rdar://problem/61403216>
+
+        Reviewed by Per Arne Vollan.
+
+        After tracking telemetry for several weeks, we can now safely switch the default state
+        of a number of IOKit classes from 'allow with telemetry' to 'deny with telemetry'.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ 
 2020-04-16  Daniel Bates  <[email protected]>
 
         Fix the iOS build when building without EDITABLE_REGION after r260192

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (260220 => 260221)


--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-04-16 20:42:16 UTC (rev 260220)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2020-04-16 20:54:30 UTC (rev 260221)
@@ -120,17 +120,13 @@
         (iokit-registry-entry-class "IOAccelerationUserClient")
         (iokit-registry-entry-class "IOSurfaceRootUserClient")
         (iokit-registry-entry-class "IOSurfaceSendRight"))
+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101600
     ;; CoreVideo CVCGDisplayLink
     (allow iokit-open
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500
-        (with report) (with telemetry)
+        (iokit-registry-entry-class "IOFramebufferSharedUserClient"))
 #endif
-        (iokit-registry-entry-class "IOFramebufferSharedUserClient"))
     ;; H.264 Acceleration
     (allow iokit-open
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500
-        (with report) (with telemetry)
-#endif
         (iokit-registry-entry-class "AppleIntelMEUserClient")
         (iokit-registry-entry-class "AppleSNBFBUserClient"))
     ;; QuartzCore
@@ -604,20 +600,30 @@
     (allow-read-write-directory-and-issue-read-write-extensions (param "DARWIN_USER_TEMP_DIR")))
 
 ;; IOKit user clients
+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101600
 (allow iokit-open
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500
-    (with report) (with telemetry)
+    (iokit-user-client-class "AppleMultitouchDeviceUserClient")
+    (iokit-user-client-class "IOHIDParamUserClient")
+    (iokit-user-client-class "IOAudioControlUserClient")
+    (iokit-user-client-class "IOAudioEngineUserClient")
+)
 #endif
+
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101600
+(deny iokit-open
+    (with send-signal SIGKILL)
     (iokit-user-client-class "AppleMultitouchDeviceUserClient")
     (iokit-user-client-class "IOHIDParamUserClient")
     (iokit-user-client-class "IOAudioControlUserClient")
     (iokit-user-client-class "IOAudioEngineUserClient")
-    ;; Following is needed due to <rdar://problem/10427451> && <rdar://problem/10808817>
-    (iokit-user-client-class "AudioAUUC"))
+    (iokit-registry-entry-class "IOFramebufferSharedUserClient")
+)
+#endif
 
 (allow iokit-open
     (iokit-user-client-class "AppleUpstreamUserClient")
     (iokit-user-client-class "RootDomainUserClient") ;; Needed by WebCore::PerformanceMonitor
+    (iokit-user-client-class "AudioAUUC") ;; <rdar://problem/10427451> && <rdar://problem/10808817>
 )
 
 ;; cookied.
@@ -717,6 +723,9 @@
 
 ;; Needed to support encrypted media playback <rdar://problem/40038478>
 (allow mach-lookup
+#if __MAC_OS_X_VERSION_MIN_REQUIRED > 101500
+    (with telemetry-backtrace)
+#endif
     (global-name "com.apple.SecurityServer")
     (global-name "com.apple.ocspd"))

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes