Title: [280345] trunk/Source/WebKit
- Revision
- 280345
- Author
- [email protected]
- Date
- 2021-07-27 11:14:23 -0700 (Tue, 27 Jul 2021)
Log Message
Fix WebProcess sandbox profile when ENABLE_SANDBOX_MESSAGE_FILTER is disabled
https://bugs.webkit.org/show_bug.cgi?id=228220
Patch by Saagar Jha <[email protected]> on 2021-07-27
Reviewed by Per Arne Vollan.
A couple of new filters turn into empty lists when ENABLE_SANDBOX_MESSAGE_FILTER is NO;
we shouldn't be evaluating them at all, so we need to move the check out.
* WebProcess/com.apple.WebProcess.sb.in: Factor the conditional check out of the filters.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (280344 => 280345)
--- trunk/Source/WebKit/ChangeLog 2021-07-27 18:00:44 UTC (rev 280344)
+++ trunk/Source/WebKit/ChangeLog 2021-07-27 18:14:23 UTC (rev 280345)
@@ -1,3 +1,15 @@
+2021-07-27 Saagar Jha <[email protected]>
+
+ Fix WebProcess sandbox profile when ENABLE_SANDBOX_MESSAGE_FILTER is disabled
+ https://bugs.webkit.org/show_bug.cgi?id=228220
+
+ Reviewed by Per Arne Vollan.
+
+ A couple of new filters turn into empty lists when ENABLE_SANDBOX_MESSAGE_FILTER is NO;
+ we shouldn't be evaluating them at all, so we need to move the check out.
+
+ * WebProcess/com.apple.WebProcess.sb.in: Factor the conditional check out of the filters.
+
2021-07-26 Said Abou-Hallawa <[email protected]>
Regulate the WebPage RenderingUpdates from the WebProcess to the GPUProcess
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (280344 => 280345)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-07-27 18:00:44 UTC (rev 280344)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-07-27 18:14:23 UTC (rev 280345)
@@ -239,37 +239,31 @@
)
(define (AppleAVDUserClientMessageFilter)
- (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
- (apply-message-filter
- (allow (with telemetry) (with message "AppleAVDUserClient")
- iokit-async-external-method
- iokit-external-method
- iokit-external-trap
- )
+ (apply-message-filter
+ (allow (with telemetry) (with message "AppleAVDUserClient")
+ iokit-async-external-method
+ iokit-external-method
+ iokit-external-trap
)
)
)
(define (IOSurfaceAcceleratorClientMessageFilter)
- (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
- (apply-message-filter
- (allow (with telemetry) (with message "IOSurfaceAcceleratorClient")
- iokit-async-external-method
- iokit-external-method
- iokit-external-trap
- )
+ (apply-message-filter
+ (allow (with telemetry) (with message "IOSurfaceAcceleratorClient")
+ iokit-async-external-method
+ iokit-external-method
+ iokit-external-trap
)
)
)
(define (IOMobileFramebufferUserClientMessageFilter)
- (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
- (apply-message-filter
- (allow (with telemetry-backtrace) (with message "IOMobileFramebufferUserClient")
- iokit-async-external-method
- iokit-external-method
- iokit-external-trap
- )
+ (apply-message-filter
+ (allow (with telemetry-backtrace) (with message "IOMobileFramebufferUserClient")
+ iokit-async-external-method
+ iokit-external-method
+ iokit-external-trap
)
)
)
@@ -1265,38 +1259,71 @@
;; <rdar://problem/60088861>
(when (equal? (param "CPU") "arm64")
- (allow iokit-open
- (require-all
- (extension "com.apple.webkit.extension.iokit")
- (iokit-user-client-class
- "AppleAVDUserClient"
+ (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
+ (allow iokit-open
+ (require-all
+ (extension "com.apple.webkit.extension.iokit")
+ (iokit-user-client-class
+ "AppleAVDUserClient"
+ )
)
- )
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
- (AppleAVDUserClientMessageFilter)
+ (AppleAVDUserClientMessageFilter)
#endif
+ )
+ ; else
+ (allow iokit-open
+ (require-all
+ (extension "com.apple.webkit.extension.iokit")
+ (iokit-user-client-class
+ "AppleAVDUserClient"
+ )
+ )
+ )
)
- (allow iokit-open
- (require-all
- (extension "com.apple.webkit.extension.iokit")
- (iokit-user-client-class
- "IOMobileFramebufferUserClient"
+ (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
+ (allow iokit-open
+ (require-all
+ (extension "com.apple.webkit.extension.iokit")
+ (iokit-user-client-class
+ "IOMobileFramebufferUserClient"
+ )
)
- )
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
- (IOMobileFramebufferUserClientMessageFilter)
+ (IOMobileFramebufferUserClientMessageFilter)
#endif
+ )
+ ; else
+ (allow iokit-open
+ (require-all
+ (extension "com.apple.webkit.extension.iokit")
+ (iokit-user-client-class
+ "IOMobileFramebufferUserClient"
+ )
+ )
+ )
)
- (allow iokit-open
- (require-all
- (extension "com.apple.webkit.extension.iokit")
- (iokit-user-client-class
- "IOSurfaceAcceleratorClient" ;; <rdar://problem/63696732>
+ (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
+ (allow iokit-open
+ (require-all
+ (extension "com.apple.webkit.extension.iokit")
+ (iokit-user-client-class
+ "IOSurfaceAcceleratorClient" ;; <rdar://problem/63696732>
+ )
)
- )
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
- (IOSurfaceAcceleratorClientMessageFilter)
+ (IOSurfaceAcceleratorClientMessageFilter)
#endif
+ )
+ ; else
+ (allow iokit-open
+ (require-all
+ (extension "com.apple.webkit.extension.iokit")
+ (iokit-user-client-class
+ "IOSurfaceAcceleratorClient" ;; <rdar://problem/63696732>
+ )
+ )
+ )
)
)
@@ -2193,27 +2220,49 @@
)
(when (equal? (param "CPU") "arm64")
- (allow iokit-open (with report)
- (require-all
- (require-not (extension "com.apple.webkit.extension.iokit"))
- (iokit-user-client-class
- "AppleAVDUserClient"
+ (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
+ (allow iokit-open (with report)
+ (require-all
+ (require-not (extension "com.apple.webkit.extension.iokit"))
+ (iokit-user-client-class
+ "AppleAVDUserClient"
+ )
)
- )
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
- (AppleAVDUserClientMessageFilter)
+ (AppleAVDUserClientMessageFilter)
#endif
+ )
+ ; else
+ (allow iokit-open (with report)
+ (require-all
+ (require-not (extension "com.apple.webkit.extension.iokit"))
+ (iokit-user-client-class
+ "AppleAVDUserClient"
+ )
+ )
+ )
)
- (allow iokit-open (with report)
- (require-all
- (require-not (extension "com.apple.webkit.extension.iokit"))
- (iokit-user-client-class
- "IOSurfaceAcceleratorClient"
+ (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES")
+ (allow iokit-open (with report)
+ (require-all
+ (require-not (extension "com.apple.webkit.extension.iokit"))
+ (iokit-user-client-class
+ "IOSurfaceAcceleratorClient"
+ )
)
- )
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
- (IOSurfaceAcceleratorClientMessageFilter)
+ (IOSurfaceAcceleratorClientMessageFilter)
#endif
+ )
+ ; else
+ (allow iokit-open (with report)
+ (require-all
+ (require-not (extension "com.apple.webkit.extension.iokit"))
+ (iokit-user-client-class
+ "IOSurfaceAcceleratorClient"
+ )
+ )
+ )
)
)
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
