Skip to site navigation (Press enter)

[webkit-changes] [271198] trunk/Source/WebKit

pvollan Wed, 06 Jan 2021 02:38:26 -0800

Title: [271198] trunk/Source/WebKit

Revision: 271198
Author: [email protected]
Date: 2021-01-06 02:37:42 -0800 (Wed, 06 Jan 2021)

Log Message

[iOS] Silence selected sandbox violation reports
https://bugs.webkit.org/show_bug.cgi?id=220320


Reviewed by Darin Adler.

For performance reasons, benign sandbox violations in the WebContent process can be silenced on iOS.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

Diff

Modified: trunk/Source/WebKit/ChangeLog (271197 => 271198)


--- trunk/Source/WebKit/ChangeLog	2021-01-06 09:56:37 UTC (rev 271197)
+++ trunk/Source/WebKit/ChangeLog	2021-01-06 10:37:42 UTC (rev 271198)
@@ -1,5 +1,16 @@
 2021-01-06  Per Arne Vollan  <[email protected]>
 
+        [iOS] Silence selected sandbox violation reports
+        https://bugs.webkit.org/show_bug.cgi?id=220320
+
+        Reviewed by Darin Adler.
+
+        For performance reasons, benign sandbox violations in the WebContent process can be silenced on iOS.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
+2021-01-06  Per Arne Vollan  <[email protected]>
+
         [iOS] Add missing endpoint in sandbox message filter
         https://bugs.webkit.org/show_bug.cgi?id=219731
         <rdar://problem/71566760>

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (271197 => 271198)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2021-01-06 09:56:37 UTC (rev 271197)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2021-01-06 10:37:42 UTC (rev 271198)
@@ -827,6 +827,12 @@
     )
 )
 
+(deny file-read* (with no-report)
+    (home-literal
+        "/Library/Preferences/com.apple.WebKit.WebContent.plist"
+    )
+)
+
 (deny sysctl*)
 (allow sysctl-read
     (sysctl-name
@@ -949,7 +955,10 @@
 (media-accessibility-support)
 
 (deny mach-lookup (with no-log)
-    (global-name "com.apple.fontservicesd"))
+    (global-name "com.apple.SystemConfiguration.configd")
+    (global-name "com.apple.aggregated")
+    (global-name "com.apple.fontservicesd")
+)
 
 (deny mach-lookup (with telemetry-backtrace)
     (global-name "com.apple.PowerManagement.control"))

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes