Diff
Modified: trunk/LayoutTests/ChangeLog (271776 => 271777)
--- trunk/LayoutTests/ChangeLog 2021-01-23 14:16:09 UTC (rev 271776)
+++ trunk/LayoutTests/ChangeLog 2021-01-23 15:30:17 UTC (rev 271777)
@@ -1,3 +1,16 @@
+2021-01-23 Per Arne Vollan <[email protected]>
+
+ [macOS] Deny mach-lookup to the service 'com.apple.hiservices-xpcservice' in the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=220321
+ <rdar://problem/68878470>
+
+ Reviewed by Darin Adler.
+
+ * fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+ * fast/sandbox/mac/sandbox-mach-lookup.html:
+ * platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+ * platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+
2021-01-22 Jonathan Bedard <[email protected]>
[LayoutTests] Move service-worker python files to resources
Modified: trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (271776 => 271777)
--- trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 14:16:09 UTC (rev 271776)
+++ trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 15:30:17 UTC (rev 271777)
@@ -13,4 +13,5 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.audio.SystemSoundServer-OSX") is false
PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.PerformanceAnalysis.animationperfd") is false
+PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.hiservices-xpcservice") is false
Modified: trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html (271776 => 271777)
--- trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html 2021-01-23 14:16:09 UTC (rev 271776)
+++ trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html 2021-01-23 15:30:17 UTC (rev 271777)
@@ -16,6 +16,7 @@
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.cookied\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.audio.SystemSoundServer-OSX\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.PerformanceAnalysis.animationperfd\")");
+ shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.hiservices-xpcservice\")");
}
</script>
</head>
Modified: trunk/LayoutTests/platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (271776 => 271777)
--- trunk/LayoutTests/platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 14:16:09 UTC (rev 271776)
+++ trunk/LayoutTests/platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 15:30:17 UTC (rev 271777)
@@ -13,4 +13,5 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.audio.SystemSoundServer-OSX") is false
PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.PerformanceAnalysis.animationperfd") is false
+PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.hiservices-xpcservice") is false
Modified: trunk/LayoutTests/platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (271776 => 271777)
--- trunk/LayoutTests/platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 14:16:09 UTC (rev 271776)
+++ trunk/LayoutTests/platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 15:30:17 UTC (rev 271777)
@@ -13,4 +13,5 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.audio.SystemSoundServer-OSX") is false
PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.PerformanceAnalysis.animationperfd") is false
+PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.hiservices-xpcservice") is false
Modified: trunk/Source/WebKit/ChangeLog (271776 => 271777)
--- trunk/Source/WebKit/ChangeLog 2021-01-23 14:16:09 UTC (rev 271776)
+++ trunk/Source/WebKit/ChangeLog 2021-01-23 15:30:17 UTC (rev 271777)
@@ -1,3 +1,18 @@
+2021-01-23 Per Arne Vollan <[email protected]>
+
+ [macOS] Deny mach-lookup to the service 'com.apple.hiservices-xpcservice' in the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=220321
+ <rdar://problem/68878470>
+
+ Reviewed by Darin Adler.
+
+ Deny mach-lookup to the service 'com.apple.hiservices-xpcservice' in the WebContent process on macOS,
+ since there are no longer any reports of this service being used.
+
+ Test: fast/sandbox/mac/sandbox-mach-lookup.html
+
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2021-01-22 Wenson Hsieh <[email protected]>
The web process should be killed after failing to decode display list items in the GPU process
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (271776 => 271777)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-01-23 14:16:09 UTC (rev 271776)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-01-23 15:30:17 UTC (rev 271777)
@@ -668,7 +668,6 @@
(with report) (with telemetry-backtrace)
#endif
(xpc-service-name "com.apple.audio.SandboxHelper")
- (xpc-service-name "com.apple.hiservices-xpcservice")
#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 110000
(xpc-service-name "com.apple.print.normalizerd")
#endif
