Title: [291626] trunk/Source/WebKit
- Revision
- 291626
- Author
- pvol...@apple.com
- Date
- 2022-03-22 10:19:45 -0700 (Tue, 22 Mar 2022)
Log Message
[macOS][WP] Add telemetry for syscalls used during launch
https://bugs.webkit.org/show_bug.cgi?id=235865
<rdar://problem/88228583>
Reviewed by Brent Fulgham.
Add telemetry in the WebContent process' sandbox on macOS to determine which syscalls are used only during launch.
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (291625 => 291626)
--- trunk/Source/WebKit/ChangeLog 2022-03-22 17:12:15 UTC (rev 291625)
+++ trunk/Source/WebKit/ChangeLog 2022-03-22 17:19:45 UTC (rev 291626)
@@ -1,3 +1,15 @@
+2022-03-22 Per Arne Vollan <pvol...@apple.com>
+
+ [macOS][WP] Add telemetry for syscalls used during launch
+ https://bugs.webkit.org/show_bug.cgi?id=235865
+ <rdar://problem/88228583>
+
+ Reviewed by Brent Fulgham.
+
+ Add telemetry in the WebContent process' sandbox on macOS to determine which syscalls are used only during launch.
+
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2022-03-22 J Pascoe <j_pas...@apple.com>
[WebAuthn] Pass along timeout to ASA and ignore timeout for conditional mediation requests
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (291625 => 291626)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2022-03-22 17:12:15 UTC (rev 291625)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2022-03-22 17:19:45 UTC (rev 291626)
@@ -1876,8 +1876,25 @@
(disable-syscall-inference)
#endif
-(define (syscall-unix-common)
+#if HAVE(SANDBOX_STATE_FLAGS)
+(deny user-preference-read (with enable-state-flag "WebContentProcessLaunched")
+ (preference-domain "com.apple.WebKit.WebContent.Launch"))
+#endif
+
+(define (syscall-unix-only-in-use-during-launch)
(syscall-number
+ SYS_csops
+ SYS_csrctl
+ SYS_fsgetpath
+ SYS_getaudit_addr
+ SYS_getfsstat64
+ SYS_getrlimit
+ SYS_kdebug_trace
+ SYS_pathconf
+ SYS_statfs64))
+
+(define (syscall-unix-in-use-after-launch)
+ (syscall-number
SYS___disable_threadsignal
SYS___mac_syscall
SYS___pthread_sigmask
@@ -1888,9 +1905,7 @@
SYS_bsdthread_terminate
SYS_close
SYS_close_nocancel
- SYS_csops
SYS_csops_audittoken
- SYS_csrctl
SYS_exit
SYS_faccessat ;; <rdar://problem/56690456>
SYS_fcntl
@@ -1899,7 +1914,6 @@
SYS_fileport_makefd
SYS_flock
SYS_fsetxattr ;; <rdar://problem/56332491>
- SYS_fsgetpath
SYS_fstat64
SYS_fstatat64
SYS_fstatfs64
@@ -1906,14 +1920,11 @@
SYS_ftruncate
SYS_getattrlist
SYS_getattrlistbulk
- SYS_getaudit_addr
SYS_getdirentries64
SYS_getentropy
SYS_geteuid
- SYS_getfsstat64
SYS_getgid
SYS_gethostuuid
- SYS_getrlimit
SYS_getrusage
SYS_gettimeofday
SYS_getuid
@@ -1920,7 +1931,6 @@
SYS_getxattr
SYS_ioctl
SYS_issetugid
- SYS_kdebug_trace
SYS_kdebug_trace64
SYS_kdebug_trace_string ;; Needed for performance sampling, see <rdar://problem/48829655>.
SYS_kevent_id
@@ -1943,7 +1953,6 @@
SYS_open
SYS_open_nocancel
SYS_openat
- SYS_pathconf
SYS_pread
SYS_proc_info
SYS_psynch_cvbroad
@@ -1961,9 +1970,8 @@
SYS_sendto
SYS_sigaltstack
SYS_sigprocmask
+ SYS_socket
SYS_stat64
- SYS_statfs64
- SYS_socket
SYS_sysctlbyname
SYS_thread_selfid
#if !PLATFORM(MAC)
@@ -2029,10 +2037,22 @@
))
(when (defined? 'syscall-unix)
- (deny syscall-unix (with send-signal SIGKILL))
+ (deny syscall-unix (with telemetry) (with send-signal SIGKILL))
(allow syscall-unix
- (syscall-unix-common))
+ (syscall-unix-in-use-after-launch)
+ (syscall-unix-only-in-use-during-launch))
+#if HAVE(SANDBOX_STATE_FLAGS)
+ (with-filter (state-flag "WebContentProcessLaunched")
+ (deny syscall-unix
+ (syscall-unix-only-in-use-during-launch))
+ (allow syscall-unix
+ (with report)
+ (with telemetry)
+ (with message "Unix syscall used after launch")
+ (syscall-unix-only-in-use-during-launch)))
+#endif
+
(if (equal? (param "CPU") "arm64")
(begin
(allow syscall-unix
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
