Title: [295572] trunk/Source/WebKit
- Revision
- 295572
- Author
- pvol...@apple.com
- Date
- 2022-06-15 14:35:30 -0700 (Wed, 15 Jun 2022)
Log Message
Block network extension system calls
https://bugs.webkit.org/show_bug.cgi?id=241633
<rdar://73513138>
Reviewed by Sihui Liu.
After moving content filtering to the Network process and fixing an issue where Safari's injected bundle were
making network calls, network extension system calls can be blocked in the WebContent process.
* Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
* Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:
Canonical link: https://commits.webkit.org/251577@main
Modified Paths
Diff
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (295571 => 295572)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2022-06-15 20:44:22 UTC (rev 295571)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2022-06-15 21:35:30 UTC (rev 295572)
@@ -1197,8 +1197,10 @@
SYS___semwait_signal
SYS_getattrlistbulk ;; xpc_realpath and directory enumeration
SYS_iopolicysys
+#if !ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
SYS_necp_client_action
SYS_necp_open
+#endif
SYS_open_dprotected_np
SYS_psynch_rw_wrlock
SYS_socket
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (295571 => 295572)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2022-06-15 20:44:22 UTC (rev 295571)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2022-06-15 21:35:30 UTC (rev 295572)
@@ -1987,8 +1987,10 @@
SYS_kevent ;; <rdar://89072361>
SYS_mlock
SYS_munlock
+#if !ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
SYS_necp_client_action
SYS_necp_open
+#endif
SYS_openat_nocancel
SYS_proc_rlimit_control
SYS_psynch_rw_rdlock
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes