Title: [261411] trunk/Source/WebKit
- Revision
- 261411
- Author
- [email protected]
- Date
- 2020-05-08 13:43:00 -0700 (Fri, 08 May 2020)
Log Message
Revise sandbox to stop logging some commonly-used properties
https://bugs.webkit.org/show_bug.cgi?id=211636
<rdar://problem/63014244>
Reviewed by Per Arne Vollan.
Further living on and testing has shown a handful of sysctl entries that are in regular use, and do not need
to be logged or considered for removal. This patch has no change in behavior, just reduces logging.
* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (261410 => 261411)
--- trunk/Source/WebKit/ChangeLog 2020-05-08 20:41:08 UTC (rev 261410)
+++ trunk/Source/WebKit/ChangeLog 2020-05-08 20:43:00 UTC (rev 261411)
@@ -1,3 +1,17 @@
+2020-05-08 Brent Fulgham <[email protected]>
+
+ Revise sandbox to stop logging some commonly-used properties
+ https://bugs.webkit.org/show_bug.cgi?id=211636
+ <rdar://problem/63014244>
+
+ Reviewed by Per Arne Vollan.
+
+ Further living on and testing has shown a handful of sysctl entries that are in regular use, and do not need
+ to be logged or considered for removal. This patch has no change in behavior, just reduces logging.
+
+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+
2020-05-08 Chris Dumez <[email protected]>
Make WKWebViewConfiguration._alwaysRunsAtForegroundPriority an alias for _clientNavigationsRunAtForegroundPriority
Modified: trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (261410 => 261411)
--- trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2020-05-08 20:41:08 UTC (rev 261410)
+++ trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2020-05-08 20:43:00 UTC (rev 261411)
@@ -123,7 +123,6 @@
(global-name "com.apple.secinitd")
(global-name "com.apple.system.DirectoryService.libinfo_v1")
(global-name "com.apple.system.logger")
- (global-name "com.apple.system.notification_center")
(global-name "com.apple.system.opendirectoryd.libinfo")
(global-name "com.apple.system.opendirectoryd.membership")
(global-name "com.apple.trustd")
@@ -178,6 +177,7 @@
"hw.availcpu"
"hw.ncpu"
"hw.model" ;; Needed for bundle loading
+ "kern.hostname"
"kern.maxfilesperproc"
"kern.memorystatus_level"
"kern.osproductversion" ;; Needed by CFNetwork (HSTS store and others)
@@ -184,6 +184,7 @@
"kern.osversion" ;; Needed by WebKit and ASL logging.
"kern.tcsm_available" ;; Needed for IndexedDB support.
"kern.ostype"
+ "kern.version"
"vm.footprint_suspend")
(sysctl-name-regex #"^net.routetable")
)
@@ -305,6 +306,7 @@
(global-name "com.apple.lsd.mapdb")
(global-name "com.apple.nesessionmanager.flow-divert-token")
(global-name "com.apple.nesessionmanager.content-filter") ;; <rdar://problem/47598758>
+ (global-name "com.apple.system.notification_center")
(global-name "com.apple.AppSSO.service-xpc")
)
@@ -371,8 +373,7 @@
(global-name "org.h5l.kcm")
(global-name "com.apple.GSSCred")
(global-name "com.apple.ist.ds.appleconnect.service.kdctunnel") ;; Remove after <rdar://problem/35542803> ships
- (global-name "com.apple.system.logger")
- (global-name "com.apple.system.notification_center"))
+ (global-name "com.apple.system.logger"))
(allow network-outbound
(remote udp))
(allow user-preference-read
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (261410 => 261411)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2020-05-08 20:41:08 UTC (rev 261410)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2020-05-08 20:43:00 UTC (rev 261411)
@@ -471,7 +471,6 @@
(sysctl-name "kern.clockrate")
(sysctl-name "kern.development")
(sysctl-name "kern.hostid")
- (sysctl-name "kern.hostname")
(sysctl-name "kern.maxproc")
(sysctl-name "kern.maxvnodes")
(sysctl-name-prefix "kern.monotonicclock")
@@ -480,7 +479,6 @@
(sysctl-name "kern.saved_ids")
(sysctl-name "kern.usrstack")
(sysctl-name "kern.usrstack64")
- (sysctl-name "kern.version")
(sysctl-name "kern.waketime")
(sysctl-name "security.mac.sandbox.sentinel")
(sysctl-name "sysctl.name2oid")
@@ -502,9 +500,9 @@
(allow file-read-metadata network-outbound
(literal "/private/var/run/syslog"))
-(allow mach-lookup (with report) (with telemetry)
+(allow mach-lookup
(global-name "com.apple.system.notification_center"))
-(allow ipc-posix-shm-read* (with telemetry)
+(allow ipc-posix-shm-read*
(ipc-posix-name "apple.shm.notification_center")) ;; Needed by os_log_create
(allow mach-lookup (with report) (with telemetry)
@@ -557,6 +555,7 @@
"hw.model" ;; Needed for bundle loading
"hw.pagesize_compat" ;; Needed by bmalloc
"kern.bootargs" ;; Needed for bundle loading
+ "kern.hostname"
"kern.maxfilesperproc"
"kern.memorystatus_level"
"kern.osproductversion" ;; Needed by CFNetwork (HSTS store and others)
@@ -566,6 +565,7 @@
"kern.osversion" ;; Needed by WebKit and ASL logging.
"kern.secure_kernel" ;; Needed by XPC bundle resolution
"kern.tcsm_available" ;; Needed for IndexedDB support
+ "kern.version"
"vm.footprint_suspend"))
;; Access to client's cache folder & re-vending to CFNetwork.
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
