Skip to site navigation (Press enter)

[webkit-changes] [287174] trunk/Source/WebKit

pvollan Thu, 16 Dec 2021 23:22:39 -0800

Title: [287174] trunk/Source/WebKit

Revision: 287174
Author: [email protected]
Date: 2021-12-16 23:21:49 -0800 (Thu, 16 Dec 2021)

Log Message

[macOS] Adjust syscall filter
https://bugs.webkit.org/show_bug.cgi?id=234401


Reviewed by Tim Horton.

Adjust syscall filter in the WebContent process' sandbox on macOS. A syscall that was previously
believed to only be used on Intel, is being used on all architectures.

* WebProcess/com.apple.WebProcess.sb.in:

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

Diff

Modified: trunk/Source/WebKit/ChangeLog (287173 => 287174)


--- trunk/Source/WebKit/ChangeLog	2021-12-17 06:01:14 UTC (rev 287173)
+++ trunk/Source/WebKit/ChangeLog	2021-12-17 07:21:49 UTC (rev 287174)
@@ -1,3 +1,15 @@
+2021-12-16  Per Arne Vollan  <[email protected]>
+
+        [macOS] Adjust syscall filter
+        https://bugs.webkit.org/show_bug.cgi?id=234401
+
+        Reviewed by Tim Horton.
+
+        Adjust syscall filter in the WebContent process' sandbox on macOS. A syscall that was previously
+        believed to only be used on Intel, is being used on all architectures.
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2021-12-16  Alex Christensen  <[email protected]>
 
         Remove more NPAPI plugin code

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (287173 => 287174)


--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2021-12-17 06:01:14 UTC (rev 287173)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2021-12-17 07:21:49 UTC (rev 287174)
@@ -1970,6 +1970,7 @@
         SYS_readlink
         SYS_rename
         SYS_sendto
+        SYS_sigaltstack
         SYS_sigprocmask
         SYS_stat64
         SYS_statfs64
@@ -1984,10 +1985,6 @@
         SYS_write_nocancel
         SYS_writev))
 
-(define (syscall-unix-intel)
-    (syscall-number
-        SYS_sigaltstack))
-
 (define (syscall-unix-apple-silicon)
     (syscall-number
         SYS_guarded_open_dprotected_np ;; <rdar://problem/65897905>
@@ -2028,10 +2025,7 @@
     (if (equal? (param "CPU") "arm64")
         (begin
             (allow syscall-unix
-                (syscall-unix-apple-silicon)))
-        (begin
-            (allow syscall-unix
-                (syscall-unix-intel))))
+                (syscall-unix-apple-silicon))))
 
     (allow syscall-unix
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes