Title: [269307] trunk/Source/WebKit
- Revision
- 269307
- Author
- [email protected]
- Date
- 2020-11-03 09:14:34 -0800 (Tue, 03 Nov 2020)
Log Message
[macOS] Adopt additional QuartzCore entitlement to reduce accessible endpoints
https://bugs.webkit.org/show_bug.cgi?id=218466
<rdar://problem/55790037>
Reviewed by Per Arne Vollan.
In iOS 14 we adopted a new entitlement that limited the set of XPC endpoints available
to QuartzCore clients. We should do the same on macOS to provide a similar level of
protection.
* Scripts/process-entitlements.sh:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (269306 => 269307)
--- trunk/Source/WebKit/ChangeLog 2020-11-03 16:43:44 UTC (rev 269306)
+++ trunk/Source/WebKit/ChangeLog 2020-11-03 17:14:34 UTC (rev 269307)
@@ -1,3 +1,17 @@
+2020-11-03 Brent Fulgham <[email protected]>
+
+ [macOS] Adopt additional QuartzCore entitlement to reduce accessible endpoints
+ https://bugs.webkit.org/show_bug.cgi?id=218466
+ <rdar://problem/55790037>
+
+ Reviewed by Per Arne Vollan.
+
+ In iOS 14 we adopted a new entitlement that limited the set of XPC endpoints available
+ to QuartzCore clients. We should do the same on macOS to provide a similar level of
+ protection.
+
+ * Scripts/process-entitlements.sh:
+
2020-11-03 Youenn Fablet <[email protected]>
Add support for WebRTC VP9 decoder in GPU process
Modified: trunk/Source/WebKit/Scripts/process-entitlements.sh (269306 => 269307)
--- trunk/Source/WebKit/Scripts/process-entitlements.sh 2020-11-03 16:43:44 UTC (rev 269306)
+++ trunk/Source/WebKit/Scripts/process-entitlements.sh 2020-11-03 17:14:34 UTC (rev 269307)
@@ -17,6 +17,7 @@
then
plistbuddy Add :com.apple.private.webkit.use-xpc-endpoint bool YES
plistbuddy Add :com.apple.rootless.storage.WebKitWebContentSandbox bool YES
+ plistbuddy Add :com.apple.QuartzCore.webkit-end-points bool YES
if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
then
plistbuddy Add :com.apple.developer.videotoolbox.client-sandboxed-decoder bool YES
@@ -41,6 +42,7 @@
fi
plistbuddy Add :com.apple.rootless.storage.WebKitGPUSandbox bool YES
+ plistbuddy Add :com.apple.QuartzCore.webkit-end-points bool YES
fi
}
@@ -128,6 +130,7 @@
plistbuddy Add :com.apple.security.cs.allow-jit bool YES
plistbuddy Add :com.apple.runningboard.assertions.webkit bool YES
plistbuddy Add :com.apple.private.webkit.use-xpc-endpoint bool YES
+ plistbuddy Add :com.apple.QuartzCore.webkit-end-points bool YES
if (( "${TARGET_MAC_OS_X_VERSION_MAJOR}" >= 110000 ))
then
plistbuddy Add :com.apple.pac.shared_region_id string WebContent
@@ -140,6 +143,7 @@
{
plistbuddy Add :com.apple.security.network.client bool YES
plistbuddy Add :com.apple.runningboard.assertions.webkit bool YES
+ plistbuddy Add :com.apple.QuartzCore.webkit-end-points bool YES
}
function maccatalyst_process_network_entitlements()
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
