[webkit-changes] [273169] trunk/Source/WebKit

Fri, 19 Feb 2021 15:25:29 -0800

Title: [273169] trunk/Source/WebKit
Revision
273169
Author
[email protected]
Date
2021-02-19 15:24:51 -0800 (Fri, 19 Feb 2021)

Log Message

[iOS] Remove access to IOSurfaceAcceleratorClient
https://bugs.webkit.org/show_bug.cgi?id=222199
<rdar://problem/73518610>

Reviewed by Brent Fulgham.

Remove access to IOSurfaceAcceleratorClient in the WebContent process on iOS when the GPU process is enabled.
This patch also adds the IOKit filter from IOSurfaceRootUserClient when the GPU process is not enabled, to
the rule for IOSurfaceRootUserClient when the GPU process is enabled.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (273168 => 273169)


--- trunk/Source/WebKit/ChangeLog	2021-02-19 23:16:56 UTC (rev 273168)
+++ trunk/Source/WebKit/ChangeLog	2021-02-19 23:24:51 UTC (rev 273169)
@@ -1,3 +1,17 @@
+2021-02-19  Per Arne Vollan  <[email protected]>
+
+        [iOS] Remove access to IOSurfaceAcceleratorClient
+        https://bugs.webkit.org/show_bug.cgi?id=222199
+        <rdar://problem/73518610>
+
+        Reviewed by Brent Fulgham.
+
+        Remove access to IOSurfaceAcceleratorClient in the WebContent process on iOS when the GPU process is enabled.
+        This patch also adds the IOKit filter from IOSurfaceRootUserClient when the GPU process is not enabled, to
+        the rule for IOSurfaceRootUserClient when the GPU process is enabled.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2021-02-19  Jean-Yves Avenard  <[email protected]>
 
         Legacy CDM doesn't work when GPU media process is enabled

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (273168 => 273169)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2021-02-19 23:16:56 UTC (rev 273168)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2021-02-19 23:24:51 UTC (rev 273169)
@@ -1016,17 +1016,33 @@
     (xpc-service-name "com.apple.audio.toolbox.reporting.service")
 )
 
-;; FIXME: This is just for logging. Remove when the GPU process is enabled by default.
-(allow iokit-open (with report) (with telemetry-backtrace)
+(allow iokit-open (with telemetry-backtrace)
     (require-all
         (require-not (extension "com.apple.webkit.extension.iokit"))
         (iokit-user-client-class
-            "IOSurfaceAcceleratorClient"
             "IOSurfaceRootUserClient"
         )
     )
+    (when (defined? 'iokit-external-method)
+        (apply-message-filter
+            (deny (with telemetry)
+                iokit-async-external-method
+                iokit-external-trap)
+            (allow
+                iokit-external-method)
+        )
+    )
 )
 
+(deny iokit-open (with telemetry-backtrace)
+    (require-all
+        (require-not (extension "com.apple.webkit.extension.iokit"))
+        (iokit-user-client-class
+            "IOSurfaceAcceleratorClient"
+        )
+    )
+)
+
 (deny iokit-open (with no-log)
     (iokit-user-client-class
         "AppleJPEGDriverUserClient"

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to