Title: [269213] branches/safari-611.1.4-branch/Source/WebKit
- Revision
- 269213
- Author
- [email protected]
- Date
- 2020-10-30 17:15:46 -0700 (Fri, 30 Oct 2020)
Log Message
Cherry-pick r269202. rdar://problem/70901517
Correct sandbox violations in GPU Process
https://bugs.webkit.org/show_bug.cgi?id=218356
<rdar://problem/70574999>
Reviewed by Eric Carlson.
The new GPU Process sandbox is missing 'sysctl.name2oid' from the allow list, even though
we allow it everywhere else. We need this for proper function.
* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269202 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-611.1.4-branch/Source/WebKit/ChangeLog (269212 => 269213)
--- branches/safari-611.1.4-branch/Source/WebKit/ChangeLog 2020-10-31 00:15:42 UTC (rev 269212)
+++ branches/safari-611.1.4-branch/Source/WebKit/ChangeLog 2020-10-31 00:15:46 UTC (rev 269213)
@@ -1,3 +1,36 @@
+2020-10-30 Alan Coon <[email protected]>
+
+ Cherry-pick r269202. rdar://problem/70901517
+
+ Correct sandbox violations in GPU Process
+ https://bugs.webkit.org/show_bug.cgi?id=218356
+ <rdar://problem/70574999>
+
+ Reviewed by Eric Carlson.
+
+ The new GPU Process sandbox is missing 'sysctl.name2oid' from the allow list, even though
+ we allow it everywhere else. We need this for proper function.
+
+ * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269202 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-10-30 Brent Fulgham <[email protected]>
+
+ Correct sandbox violations in GPU Process
+ https://bugs.webkit.org/show_bug.cgi?id=218356
+ <rdar://problem/70574999>
+
+ Reviewed by Eric Carlson.
+
+ The new GPU Process sandbox is missing 'sysctl.name2oid' from the allow list, even though
+ we allow it everywhere else. We need this for proper function.
+
+ * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+
2020-10-29 Alan Coon <[email protected]>
Cherry-pick r269173. rdar://problem/70831161
Modified: branches/safari-611.1.4-branch/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (269212 => 269213)
--- branches/safari-611.1.4-branch/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2020-10-31 00:15:42 UTC (rev 269212)
+++ branches/safari-611.1.4-branch/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2020-10-31 00:15:46 UTC (rev 269213)
@@ -173,6 +173,7 @@
"kern.version"
"machdep.cpu.brand_string"
"security.mac.sandbox.sentinel"
+ "sysctl.name2oid"
"kern.tcsm_enable"
"kern.tcsm_available"
"vm.footprint_suspend")
Modified: branches/safari-611.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (269212 => 269213)
--- branches/safari-611.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2020-10-31 00:15:42 UTC (rev 269212)
+++ branches/safari-611.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2020-10-31 00:15:46 UTC (rev 269213)
@@ -791,6 +791,7 @@
"kern.osversion"
"kern.secure_kernel"
"kern.version"
+ "sysctl.name2oid"
"vm.footprint_suspend"))
(allow iokit-get-properties
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
