Modified: trunk/Source/WebKit/ChangeLog (285592 => 285593)
--- trunk/Source/WebKit/ChangeLog 2021-11-10 18:54:59 UTC (rev 285592)
+++ trunk/Source/WebKit/ChangeLog 2021-11-10 19:04:38 UTC (rev 285593)
@@ -1,3 +1,16 @@
+2021-11-10 Per Arne Vollan <[email protected]>
+
+ [iOS][GPUP] Remove sandbox read access to files
+ https://bugs.webkit.org/show_bug.cgi?id=232389
+ <rdar://problem/84717349>
+
+ Reviewed by Brent Fulgham.
+
+ Based on telemetry, remove read access to files in the GPU process' sandbox on iOS.
+ This patch also adds some new telemetry for rules related to reading of files.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+
2021-11-10 Darin Adler <[email protected]>
[CF] Reduce duplication and unneeded buffer allocations and copying in URL code, also remove unused methods and functions
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (285592 => 285593)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-11-10 18:54:59 UTC (rev 285592)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-11-10 19:04:38 UTC (rev 285593)
@@ -45,16 +45,6 @@
(extension-class "com.apple.app-sandbox.read")
(apply require-any filters))))
-(define-once (allow-read-write-and-issue-generic-extensions . filters)
- (allow file-read* file-write* (with telemetry)
- (apply require-any filters))
- (allow file-read-metadata
- (apply require-any filters))
- (allow file-issue-extension
- (require-all
- (extension-class "com.apple.app-sandbox.read-write" "com.apple.app-sandbox.read")
- (apply require-any filters))))
-
(define-once (managed-configuration-read-public)
(allow file-read* (with telemetry)
(well-known-system-group-container-subpath "/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/PublicInfo")
@@ -61,22 +51,6 @@
(front-user-home-subpath "/Library/ConfigurationProfiles/PublicInfo")
(front-user-home-subpath "/Library/UserConfigurationProfiles/PublicInfo")))
-(define-once (managed-configuration-read . files)
- (if (null? files)
- (allow file-read* (with telemetry)
- (well-known-system-group-container-subpath "/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles")
- (front-user-home-subpath "/Library/ConfigurationProfiles")
- (front-user-home-subpath "/Library/UserConfigurationProfiles"))
- (for-each
- (lambda (file)
- (allow file-read* (with telemetry)
- (well-known-system-group-container-literal
- (string-append "/systemgroup.com.apple.configurationprofiles/Library/ConfigurationProfiles/" file))
- (front-user-home-literal
- (string-append "/Library/ConfigurationProfiles/" file)
- (string-append "/Library/UserConfigurationProfiles/" file))))
- files)))
-
(define-once (allow-preferences-common)
(allow file-read-metadata
(home-literal "")
@@ -115,7 +89,6 @@
(extension "com.apple.assets.read"))))
;; <rdar://problem/10710883>
;; <rdar://problem/11569106>
- (allow file-read* (with telemetry) asset-access-filter)
(if (memq 'with-media-playback options)
(play-media asset-access-filter))))
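Review bot: The two rdar comments on the context lines above now sit directly before the `(if (memq 'with-media-playback options)` branch, so they read as if they justify play-media rather than the deleted `file-read*` allow on asset-access-filter. Either remove them with the rule or move them next to whatever they still apply to; if they explained the removed read, a one-line note such as `;; file-read* on asset-access-filter removed based on telemetry (webkit.org/b/232389)` keeps the history discoverable. The enclosing asset-access definition starts outside the hunk.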
@@ -171,7 +144,7 @@
)
;; AVF needs to see these network preferences:
- (allow file-read* (with telemetry)
+ (allow file-read*
(literal "/private/var/preferences/com.apple.networkd.plist"))
;; Required by the MediaPlayer framework.
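Review bot: `(with telemetry)` is dropped from the networkd.plist read rule here, and likewise from the required-etc-files read and the MobileGestalt cache read in later hunks, while the ChangeLog entry only describes adding telemetry. Presumably these rules are retained because telemetry confirmed they are exercised and the modifier no longer serves a purpose; saying so in the ChangeLog, or in a short comment such as `;; Confirmed in use by telemetry; no longer instrumented`, would make the removal read as deliberate rather than accidental. The enclosing definition starts outside the hunk.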
@@ -231,12 +204,6 @@
;; <rdar://problem/12250145>
(mobile-preferences-read "com.apple.mediaaccessibility"))
-(define-once (url-translation)
- ;; For translating http:// & https:// URLs referencing itms:// URLs.
- ;; <rdar://problem/11587338>
- (allow file-read* (with telemetry)
- (home-literal "/Library/Caches/com.apple.itunesstored/url-resolution.plist")))
-
;;;
;;; Declare that the application uses the OpenGL, Metal, and CoreML hardware & frameworks.
;;;
@@ -314,10 +281,6 @@
(deny file-read* file-write*
(vnode-type BLOCK-DEVICE CHARACTER-DEVICE))
- (allow file-read* file-write-data (with telemetry)
- (literal "/dev/null")
- (literal "/dev/zero"))
-
(allow file-read* file-write-data file-ioctl (with telemetry)
(literal "/dev/dtracehelper"))
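Review bot: With the /dev/null and /dev/zero exception removed, the `(deny file-read* file-write* (vnode-type BLOCK-DEVICE CHARACTER-DEVICE))` on the context lines above now covers those two nodes as well. That deny carries no `(with no-report)`, so if any framework loaded into the GPU process still opens /dev/null (a common pattern for redirecting stdio), the access would surface as a reported sandbox violation rather than fail silently; that is useful for spotting a regression, but a one-line comment such as `;; /dev/null and /dev/zero access removed based on telemetry; violations are reported` would tell the next reader it was intentional. The enclosing definition starts outside the hunk.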
@@ -327,35 +290,11 @@
;; <rdar://problem/14215718>
(deny file-write-data (with no-report)
(literal "/dev/random")
- (literal "/dev/urandom"))
+ (literal "/dev/urandom")))
- (allow file-read* file-write-data file-ioctl (with telemetry)
- (literal "/dev/aes_0")))
-
(define required-etc-files
- (literal "/private/etc/fstab"
- "/private/etc/hosts"
- "/private/etc/group"
- "/private/etc/passwd"
- "/private/etc/protocols"
- "/private/etc/services"))
+ (literal "/private/etc/passwd"))
-(define-once (speech-synthesis-and-voiceover)
- ;; Speak Selection & VoiceOver
- ;; <rdar://problem/12030530> AX: Sandbox violation with changing Language while VO is on
- ;; and <rdar://problem/13071747>
- (mobile-preferences-read
- "com.apple.SpeakSelection" ; Needed for WebSpeech
- "com.apple.VoiceOverTouch" ; Needed for non-US english language synthesis
- "com.apple.voiceservices") ; Ditto
-
- ;; <rdar://problem/14555119> Access to high quality speech voices
- ;; Needed for WebSpeech
- (allow file-read* (with telemetry)
- (home-subpath "/Library/VoiceServices/Assets")
- (home-subpath "/Library/Assets/com_apple_MobileAsset_VoiceServicesVocalizerVoice"))
-)
-
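Review bot: `required-etc-files` is narrowed from six /etc entries to `/private/etc/passwd` alone, but nothing records that the other five were dropped based on telemetry, and the plural name together with the list-style `literal` form now looks like a list that may have been truncated by accident. A comment above the define, e.g. `;; Narrowed to passwd based on telemetry; see https://bugs.webkit.org/show_bug.cgi?id=232389`, would keep a future reader from re-adding the entries. The extra closing parenthesis on the urandom deny line replaces the one previously carried by the removed aes_0 rule and closes a form that begins outside the hunk.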
;; Things required by UIKit
(define-once (uikit-requirements)
(mobile-preferences-read
@@ -378,14 +317,6 @@
(with no-report))
)
-(define-once (dictionary-support)
- ; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
- (allow file-read* (with telemetry)
- ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
- (subpath "/Library/Dictionaries")
- (home-subpath "/Library/Dictionaries"))
-)
-
(deny file-map-executable)
(deny file-write-mount file-write-unmount)
@@ -410,7 +341,7 @@
(literal "/System/Library/Caches/apticket.der")
(subpath "/System/Library/Caches/com.apple.kernelcaches")
(subpath "/System/Library/Caches/com.apple.factorydata"))))
- (deny file-issue-extension file-read* hw-identifying-paths))
+ (deny file-issue-extension file-read* (with telemetry) hw-identifying-paths))
(allow file-map-executable (with telemetry)
(subpath "/System/Library")
@@ -431,9 +362,6 @@
(literal "/private/var/Managed Preferences/mobile/.GlobalPreferences.plist"))
(allow managed-preference-read (preference-domain "kCFPreferencesAnyApplication"))
- (allow file-read-metadata (with telemetry)
- (home-literal "/Library/Caches/powerlog.launchd"))
-
(allow-read-and-issue-generic-extensions (executable-bundle))
;; <rdar://problem/13963294>
@@ -480,13 +408,12 @@
(internal-debugging-support)
)
-(allow file-read* (with telemetry)
- required-etc-files
+(allow file-read*
+ required-etc-files)
+
+(allow file-read* (with telemetry) (with message "Accessing root of filesystem")
(literal "/"))
-(allow file-read* (with telemetry)
- (subpath "/private/var/MobileAsset/PreinstalledAssetsV2/InstallWithOs"))
-
(device-access)
(allow file-issue-extension (with telemetry)
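Review bot: The message on the new instrumented rule says "Accessing root of filesystem", but `(literal "/")` matches only the root directory entry itself, not anything beneath it (that would be `subpath`), so the wording slightly overstates what the rule grants and what the telemetry will report. A narrower string such as `(with message "Reading root directory")` matches the filter. The split into a separate rule for "/" is otherwise clear, since it lets the etc-files read stay uninstrumented while the root read is tracked.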
@@ -502,7 +429,7 @@
(global-name "com.apple.tccd"))
;; <rdar://problem/12413942>
-(allow file-read* (with telemetry)
+(allow file-read*
(well-known-system-group-container-literal "/systemgroup.com.apple.mobilegestaltcache/Library/Caches/com.apple.MobileGestalt.plist"))
(allow iokit-get-properties
(iokit-property "IORegistryEntryPropertyKeys"))
@@ -531,9 +458,6 @@
(allow nvram-get (with telemetry) (nvram-variable "emu")) ;; <rdar://problem/78363040>
)
-(allow file-read-metadata (with telemetry)
- (literal "/private/var/run/syslog"))
-
;; ObjC map_images needs to send logging data to syslog. <rdar://problem/39778918>
(with-filter (system-attribute apple-internal)
(allow network-outbound (with telemetry)
@@ -551,9 +475,6 @@
(deny system-info (with no-report)
(info-type "net.link.addr"))
-(allow file-read* (with telemetry)
- (subpath "/private/var/db/datadetectors/sys"))
-
(allow-well-known-system-group-container-subpath-read
"/systemgroup.com.apple.icloud.findmydevice.managed/Library")
@@ -588,10 +509,6 @@
;; Access to media controls
(media-remote)
-(url-translation)
-
-(speech-synthesis-and-voiceover)
-
;; Permit reading assets via MobileAsset framework.
(asset-access 'with-media-playback)
@@ -599,10 +516,6 @@
(allow-well-known-system-group-container-literal-read
"/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
-;; Access the keyboards
-(allow file-read* (with telemetry)
- (home-subpath "/Library/Caches/com.apple.keyboards"))
-
;; Silently deny unnecessary accesses caused by MessageUI framework.
;; This can be removed once <rdar://problem/47038102> is resolved.
(deny file-read*
@@ -609,14 +522,6 @@
(home-literal "/Library/Preferences/com.apple.mobilemail.plist")
(with no-log))
-;; <rdar://problem/12985925> Need read access to /var/mobile/Library/Fonts to all apps
-(allow file-read* (with telemetry)
- (home-subpath "/Library/Fonts"))
-
-;; <rdar://problem/7344719&26323449> LaunchServices app icons
-(allow file-read* (with telemetry)
- (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
-
(allow-preferences-common)
;; Home Button
@@ -626,11 +531,6 @@
(uikit-requirements)
-(dictionary-support)
-
-; <rdar://problem/8440231>
-(allow file-read* (with telemetry)
- (home-literal "/Library/Caches/DateFormats.plist"))
; Silently deny writes when CFData attempts to write to the cache directory.
(deny file-write*
(home-literal "/Library/Caches/DateFormats.plist")
@@ -790,13 +690,6 @@
(deny file-write-create (vnode-type SYMLINK))
(deny file-read-xattr file-write-xattr (xattr-prefix "com.apple.security.private."))
-;; Allow ManagedPreference access
-(allow file-read* (with telemetry) (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
-
-(allow file-read-data (with telemetry)
- (literal "/usr/local/lib/log") ; <rdar://problem/36629495>
-)
-
(allow iokit-open (with telemetry)
(require-all
(extension "com.apple.webkit.extension.iokit")