[webkit-changes] [271780] trunk

[pvollan]

Title: [271780] trunk

Revision

271780

Author

pvol...@apple.com

Date

2021-01-23 14:08:45 -0800 (Sat, 23 Jan 2021)

Log Message

[macOS] Deny mach lookup access to "com.apple.iconservices" in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=220013
<rdar://problem/60649036>

Reviewed by Brent Fulgham.

Source/WebKit:

Deny mach lookup access to "com.apple.iconservices" in the WebContent process on macOS,
since there are no longer any reports of this being used.

Test: fast/sandbox/mac/sandbox-mach-lookup.html

* WebProcess/com.apple.WebProcess.sb.in:

LayoutTests:

* fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
* fast/sandbox/mac/sandbox-mach-lookup.html:
* platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
* platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt:

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt
• trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html
• trunk/LayoutTests/platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt
• trunk/LayoutTests/platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt
• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

Diff

Modified: trunk/LayoutTests/ChangeLog (271779 => 271780)

--- trunk/LayoutTests/ChangeLog	2021-01-23 20:31:36 UTC (rev 271779)
+++ trunk/LayoutTests/ChangeLog	2021-01-23 22:08:45 UTC (rev 271780)
@@ -1,3 +1,16 @@
+2021-01-23  Per Arne Vollan  <pvol...@apple.com>
+
+        [macOS] Deny mach lookup access to "com.apple.iconservices" in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=220013
+        <rdar://problem/60649036>
+
+        Reviewed by Brent Fulgham.
+
+        * fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/mac/sandbox-mach-lookup.html:
+        * platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+        * platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt:
+
 2021-01-23  Eric Carlson  <eric.carl...@apple.com>
 
         [iOS] Set background playback restriction for WebAudio

Modified: trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (271779 => 271780)

--- trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2021-01-23 20:31:36 UTC (rev 271779)
+++ trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2021-01-23 22:08:45 UTC (rev 271780)
@@ -12,6 +12,7 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.awdd") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.audio.SystemSoundServer-OSX") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices.store") is false
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.PerformanceAnalysis.animationperfd") is false
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.hiservices-xpcservice") is false

Modified: trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html (271779 => 271780)

--- trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html	2021-01-23 20:31:36 UTC (rev 271779)
+++ trunk/LayoutTests/fast/sandbox/mac/sandbox-mach-lookup.html	2021-01-23 22:08:45 UTC (rev 271780)
@@ -15,6 +15,7 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.awdd\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.cookied\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.audio.SystemSoundServer-OSX\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iconservices\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iconservices.store\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.PerformanceAnalysis.animationperfd\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToXPCServiceName(\"com.apple.WebKit.WebContent\", \"com.apple.hiservices-xpcservice\")");

Modified: trunk/LayoutTests/platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (271779 => 271780)

--- trunk/LayoutTests/platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2021-01-23 20:31:36 UTC (rev 271779)
+++ trunk/LayoutTests/platform/mac-catalina/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2021-01-23 22:08:45 UTC (rev 271780)
@@ -12,6 +12,7 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.awdd") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.audio.SystemSoundServer-OSX") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices.store") is false
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.PerformanceAnalysis.animationperfd") is false
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.hiservices-xpcservice") is false

Modified: trunk/LayoutTests/platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt (271779 => 271780)

--- trunk/LayoutTests/platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2021-01-23 20:31:36 UTC (rev 271779)
+++ trunk/LayoutTests/platform/mac-mojave/fast/sandbox/mac/sandbox-mach-lookup-expected.txt	2021-01-23 22:08:45 UTC (rev 271780)
@@ -12,6 +12,7 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.awdd") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.audio.SystemSoundServer-OSX") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iconservices.store") is false
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.PerformanceAnalysis.animationperfd") is false
 PASS internals.hasSandboxMachLookupAccessToXPCServiceName("com.apple.WebKit.WebContent", "com.apple.hiservices-xpcservice") is false

Modified: trunk/Source/WebKit/ChangeLog (271779 => 271780)

--- trunk/Source/WebKit/ChangeLog	2021-01-23 20:31:36 UTC (rev 271779)
+++ trunk/Source/WebKit/ChangeLog	2021-01-23 22:08:45 UTC (rev 271780)
@@ -1,5 +1,20 @@
 2021-01-23  Per Arne Vollan  <pvol...@apple.com>
 
+        [macOS] Deny mach lookup access to "com.apple.iconservices" in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=220013
+        <rdar://problem/60649036>
+
+        Reviewed by Brent Fulgham.
+
+        Deny mach lookup access to "com.apple.iconservices" in the WebContent process on macOS,
+        since there are no longer any reports of this being used.
+
+        Test: fast/sandbox/mac/sandbox-mach-lookup.html
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+
+2021-01-23  Per Arne Vollan  <pvol...@apple.com>
+
         [macOS] Deny mach lookup access to "com.apple.iconservices.store" in the WebContent process
         https://bugs.webkit.org/show_bug.cgi?id=220014
         <rdar://problem/68923110>

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (271779 => 271780)

--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2021-01-23 20:31:36 UTC (rev 271779)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2021-01-23 22:08:45 UTC (rev 271780)
@@ -1027,7 +1027,6 @@
 #if !ENABLE(SET_WEBCONTENT_PROCESS_INFORMATION_IN_NETWORK_PROCESS)
     (global-name "com.apple.coreservices.launchservicesd")
 #endif
-    (global-name "com.apple.iconservices")
     (global-name "com.apple.tccd.system")
     (global-name "com.apple.trustd.agent")
 )

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes