Title: [260284] trunk/Source/WebKit
- Revision
- 260284
- Author
- [email protected]
- Date
- 2020-04-17 14:29:48 -0700 (Fri, 17 Apr 2020)
Log Message
[iOS] Deny iokit open access of unused class in the WebContent sandbox
https://bugs.webkit.org/show_bug.cgi?id=210669
Reviewed by Brent Fulgham.
Telemetry shows that iokit open access of an iokit class can be removed from the WebContent sandbox.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (260283 => 260284)
--- trunk/Source/WebKit/ChangeLog 2020-04-17 21:20:25 UTC (rev 260283)
+++ trunk/Source/WebKit/ChangeLog 2020-04-17 21:29:48 UTC (rev 260284)
@@ -1,3 +1,14 @@
+2020-04-17 Per Arne Vollan <[email protected]>
+
+ [iOS] Deny iokit open access of unused class in the WebContent sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=210669
+
+ Reviewed by Brent Fulgham.
+
+ Telemetry shows that iokit open access of an iokit class can be removed from the WebContent sandbox.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
2020-04-17 Chris Dumez <[email protected]>
[iOS] Refactor WebKit uploads process assertion logic to minimize chances of leaking them
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (260283 => 260284)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-04-17 21:20:25 UTC (rev 260283)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-04-17 21:29:48 UTC (rev 260284)
@@ -375,8 +375,7 @@
(global-name "com.apple.CARenderServer"))
; UIKit-required IOKit nodes.
- (allow iokit-open (with report) (with telemetry)
- (iokit-user-client-class "AppleJPEGDriverUserClient")
+ (deny iokit-open (with telemetry-backtrace)
(iokit-user-client-class "IOSurfaceSendRight")
)
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
