- Revision
- 271778
- Author
- [email protected]
- Date
- 2021-01-23 07:35:06 -0800 (Sat, 23 Jan 2021)
Log Message
Source/WebKit:
[macOS] Deny mach lookup access to "com.apple.iconservices.store" in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=220014
<rdar://problem/68923110>
Reviewed by Brent Fulgham.
Deny mach lookup access to "com.apple.iconservices.store" in the WebContent process on macOS,
since there are no longer any reports of this being used.
Test: fast/sandbox/mac/sandbox-mach-lookup.html
* WebProcess/com.apple.WebProcess.sb.in:
LayoutTests:
[macOS] Deny mach-lookup to the service 'com.apple.iconservices.store' in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=220014
<rdar://problem/68923110>
Reviewed by Brent Fulgham.
* fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
* fast/sandbox/mac/sandbox-mach-lookup.html:
* platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
* platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (271777 => 271778)
--- trunk/LayoutTests/ChangeLog 2021-01-23 15:30:17 UTC (rev 271777)
+++ trunk/LayoutTests/ChangeLog 2021-01-23 15:35:06 UTC (rev 271778)
@@ -1,5 +1,18 @@
2021-01-23 Per Arne Vollan <[email protected]>
+ [macOS] Deny mach-lookup to the service 'com.apple.iconservices.store' in the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=220014
+ <rdar://problem/68923110>
+
+ Reviewed by Brent Fulgham.
+
+ * fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+ * fast/sandbox/mac/sandbox-mach-lookup.html:
+ * platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+ * platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+
+2021-01-23 Per Arne Vollan <[email protected]>
+
[macOS] Deny mach-lookup to the service 'com.apple.hiservices-xpcservice' in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=220321
<rdar://problem/68878470>
Modified: trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (271777 => 271778)
--- trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 15:30:17 UTC (rev 271777)
+++ trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 15:35:06 UTC (rev 271778)
@@ -12,6 +12,7 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.awdd") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.audio.SystemSoundServer-OSX") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices.store") is false
PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.PerformanceAnalysis.animationperfd") is false
PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.hiservices-xpcservice") is false
Modified: trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html (271777 => 271778)
--- trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html 2021-01-23 15:30:17 UTC (rev 271777)
+++ trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html 2021-01-23 15:35:06 UTC (rev 271778)
@@ -15,6 +15,7 @@
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.awdd\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.cookied\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.audio.SystemSoundServer-OSX\")");
+ shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iconservices.store\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.PerformanceAnalysis.animationperfd\")");
shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.hiservices-xpcservice\")");
}
Modified: trunk/LayoutTests/platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (271777 => 271778)
--- trunk/LayoutTests/platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 15:30:17 UTC (rev 271777)
+++ trunk/LayoutTests/platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 15:35:06 UTC (rev 271778)
@@ -12,6 +12,7 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.awdd") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.audio.SystemSoundServer-OSX") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices.store") is false
PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.PerformanceAnalysis.animationperfd") is false
PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.hiservices-xpcservice") is false
Modified: trunk/LayoutTests/platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (271777 => 271778)
--- trunk/LayoutTests/platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 15:30:17 UTC (rev 271777)
+++ trunk/LayoutTests/platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt 2021-01-23 15:35:06 UTC (rev 271778)
@@ -12,6 +12,7 @@
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.awdd") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.audio.SystemSoundServer-OSX") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices.store") is false
PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.PerformanceAnalysis.animationperfd") is false
PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.hiservices-xpcservice") is false
Modified: trunk/Source/WebKit/ChangeLog (271777 => 271778)
--- trunk/Source/WebKit/ChangeLog 2021-01-23 15:30:17 UTC (rev 271777)
+++ trunk/Source/WebKit/ChangeLog 2021-01-23 15:35:06 UTC (rev 271778)
@@ -1,5 +1,20 @@
2021-01-23 Per Arne Vollan <[email protected]>
+ [macOS] Deny mach lookup access to "com.apple.iconservices.store" in the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=220014
+ <rdar://problem/68923110>
+
+ Reviewed by Brent Fulgham.
+
+ Deny mach lookup access to "com.apple.iconservices.store" in the WebContent process on macOS,
+ since there are no longer any reports of this being used.
+
+ Test: fast/sandbox/mac/sandbox-mach-lookup.html
+
+ * WebProcess/com.apple.WebProcess.sb.in:
+
+2021-01-23 Per Arne Vollan <[email protected]>
+
[macOS] Deny mach-lookup to the service 'com.apple.hiservices-xpcservice' in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=220321
<rdar://problem/68878470>
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (271777 => 271778)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-01-23 15:30:17 UTC (rev 271777)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-01-23 15:35:06 UTC (rev 271778)
@@ -1028,7 +1028,6 @@
(global-name "com.apple.coreservices.launchservicesd")
#endif
(global-name "com.apple.iconservices")
- (global-name "com.apple.iconservices.store")
(global-name "com.apple.tccd.system")
(global-name "com.apple.trustd.agent")
)
