Context Navigation

← Previous Changeset
Next Changeset →

Changeset 286778 in webkit

Timestamp:

Dec 9, 2021 7:07:32 AM (2 years ago)

Author:

pvollan@apple.com

Message:

[macOS][WP] Block access to unused system calls
https://bugs.webkit.org/show_bug.cgi?id=234003

Reviewed by Brent Fulgham.

Based on telemetry, block access to unused system calls in the WebContent process on macOS.

WebProcess/com.apple.WebProcess.sb.in:

Location:

trunk/Source/WebKit

Files:

: 2 edited

ChangeLog (modified) (1 diff)
WebProcess/com.apple.WebProcess.sb.in (modified) (10 diffs)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/WebKit/ChangeLog

-                      r286777
+                      r286778
+-12-09  Per Arne Vollan  <pvollan@apple.com>
+        [macOS][WP] Block access to unused system calls
+        https://bugs.webkit.org/show_bug.cgi?id=234003
+        Reviewed by Brent Fulgham.
+        Based on telemetry, block access to unused system calls in the WebContent process on macOS.
+        * WebProcess/com.apple.WebProcess.sb.in:
 -12-09  Commit Queue  <commit-queue@webkit.org>

trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

-                      r286465
+                      r286778
         SYS___disable_threadsignal
         SYS___mac_syscall
+        SYS___pthread_sigmask
+        SYS___semwait_signal
         SYS_access
         SYS_bsdthread_create
 …
         SYS_csrctl
         SYS_exit
+        SYS_faccessat ;; <rdar://problem/56690456>
         SYS_fcntl
         SYS_fcntl_nocancel
 …
         SYS_kevent_id
         SYS_kevent_qos
+        SYS_kqueue_workloop_ctl ;; <rdar://problem/50999499>
+        SYS_listxattr
         SYS_lseek
         SYS_lstat64
 …
         SYS_psynch_mutexdrop
         SYS_psynch_mutexwait
+        SYS_psynch_rw_unlock
+        SYS_psynch_rw_wrlock
         SYS_read
         SYS_read_nocancel
         SYS_readlink
         SYS_rename
+        SYS_sendto
+        SYS_sigprocmask
         SYS_stat64
         SYS_statfs64
+        SYS_socket
         SYS_sysctlbyname
         SYS_thread_selfid
         SYS_ulock_wait
         SYS_ulock_wake
+        SYS_umask
+        SYS_work_interval_ctl
         SYS_workq_kernreturn
         SYS_write_nocancel
 …
 (define (syscall-unix-intel)
     (syscall-number
+        SYS___pthread_sigmask
+        SYS___semwait_signal
+        SYS_faccessat ;; <rdar://problem/56690456>
+        SYS_kqueue_workloop_ctl ;; <rdar://problem/50999499>
+        SYS_listxattr
+        SYS_psynch_rw_unlock
+        SYS_psynch_rw_wrlock
+        SYS_sendto
+        SYS_sigaltstack
+        SYS_sigprocmask
+        SYS_socket
+        SYS_umask
+        SYS_work_interval_ctl))
+        SYS_sigaltstack))
 (define (syscall-unix-apple-silicon)
 …
         SYS_mremap_encrypted))
 (define (syscalls-possibly-unused)
+(define (syscalls-rarely-used)
     (syscall-number
         SYS___pthread_kill
-        SYS___pthread_markcancel
         SYS___semwait_signal_nocancel
-        SYS_abort_with_payload
         SYS_change_fdguard_np
         SYS_chmod
-        SYS_chmod_extended
         SYS_connect
-        SYS_connect_nocancel
-        SYS_connectx
-        SYS_dup
         SYS_fchmod
-        SYS_fgetattrlist ;; <rdar://problem/50931110>
-        SYS_fileport_makeport
-        SYS_fstat64_extended ;; <rdar://problem/61310019>
         SYS_fsync
         SYS_getegid
-        SYS_getpeername
         SYS_getpriority ;; rdar://81727094. Required for CoreAudio AudioOutputUnitStart call. Remove when GPU process is enabled by default.
-        SYS_getsockopt
-        SYS_gettid ;; Needed for base system, see <rdar://problem/48651255>
         SYS_guarded_close_np
         SYS_guarded_open_np
         SYS_guarded_pwrite_np
-        SYS_guarded_write_np
         SYS_kdebug_typefilter
-        SYS_kevent
-        SYS_kqueue ;; <rdar://problem/49609201>
-        SYS_lstat64_extended
-        SYS_lstat_extended
-        SYS_memorystatus_control ;; Needed for memory measurement infrastructure, see <rdar://problem/48647263>
-        SYS_mkdirat
         SYS_mlock
         SYS_munlock
         SYS_necp_client_action
         SYS_necp_open
-        SYS_open_dprotected_np ;; <rdar://problem/74473824>
         SYS_openat_nocancel
-        SYS_pipe
         SYS_proc_rlimit_control
-        SYS_process_policy
-        SYS_psynch_rw_rdlock ;; <rdar://problem/49060359>
-        SYS_pwrite
-        SYS_quotactl ;; <rdar://problem/49945031>
-        SYS_recvfrom
-        SYS_recvfrom_nocancel
-        SYS_rmdir
-        SYS_select
-        SYS_select_nocancel
-        SYS_sem_post
-        SYS_sem_wait
-        SYS_sendmsg_nocancel
-        SYS_sendto_nocancel
-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 120000
-        SYS_setattrlist ;; rdar://problem/74162777
-#endif
-        SYS_setpriority
-        SYS_setrlimit
-        SYS_setsockopt
         SYS_shm_open
-        SYS_shutdown
         SYS_sigaction
-        SYS_sigreturn
-        SYS_socketpair
-        SYS_stat64_extended ;; <rdar://problem/50473330>
         SYS_sysctl
-        SYS_terminate_with_payload ;; <rdar://problem/50026580>
-        SYS_thread_selfusage
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 110000
-        SYS_ulock_wait2 ;; <rdar://problem/58743778>
-#endif
         SYS_unlink
         SYS_write))
 …
         (begin
             (allow syscall-unix
+                (syscall-unix-apple-silicon))
+            (allow syscall-unix
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
+                (with telemetry-backtrace)
+#endif
+                (syscall-unix-intel)))
+                (syscall-unix-apple-silicon)))
         (begin
             (allow syscall-unix
 …
         (with telemetry-backtrace)
 #endif
         (syscalls-possibly-unused))
+        (syscalls-rarely-used))
 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 101500
 …
         MSC__kernelrpc_mach_port_destruct_trap
         MSC__kernelrpc_mach_port_extract_member_trap
+        MSC__kernelrpc_mach_port_get_attributes_trap
         MSC__kernelrpc_mach_port_guard_trap
         MSC__kernelrpc_mach_port_insert_member_trap
 …
         MSC_pid_for_task
         MSC_semaphore_signal_trap
+        MSC_semaphore_timedwait_trap
         MSC_semaphore_wait_trap
+        MSC_swtch_pri
         MSC_syscall_thread_switch
         MSC_task_name_for_pid
+        MSC_thread_get_special_reply_port))
+(define (syscall-mach-intel)
+    (machtrap-number
+        MSC_semaphore_timedwait_trap
+        MSC_thread_get_special_reply_port
         MSC_thread_self_trap))
-(define (syscall-mach-apple-silicon)
-    (machtrap-number
-        MSC__kernelrpc_mach_port_get_attributes_trap
-        MSC_swtch_pri))
 (when (and (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES") (defined? 'syscall-mach))
     (allow syscall-mach
         (syscall-mach-common))
-    (if (equal? (param "CPU") "arm64")
-        (begin
-            (allow syscall-mach
-                (syscall-mach-apple-silicon))
-            (allow syscall-mach
-                (with telemetry)
-                (syscall-mach-intel)))
-        (begin
-            (allow syscall-mach
-                (syscall-mach-intel))
-            (allow syscall-mach
-                (with telemetry)
-                (syscall-mach-apple-silicon))))
-    (allow syscall-mach
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
-        (with telemetry-backtrace)
-#endif
-        (machtrap-number
-            MSC_mach_msg_overwrite_trap)))
     (when (defined? 'MSC_mach_msg2_trap)

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 286778 in webkit

Legend:

trunk/Source/WebKit/ChangeLog

trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

Download in other formats: