Changeset 292003 in webkit
- Timestamp:
- Mar 28, 2022 4:03:52 PM (2 years ago)
- Location:
- trunk/Source/WebKit
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
WebProcess/com.apple.WebProcess.sb.in (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit/ChangeLog
r291994 r292003 1 2022-03-28 Per Arne Vollan <pvollan@apple.com> 2 3 [macOS] Block access to IOKit class 4 https://bugs.webkit.org/show_bug.cgi?id=238457 5 6 Reviewed by Geoffrey Garen. 7 8 Block access to IOKit class AGPMClient on macOS. We already block all messages for this class. 9 10 * WebProcess/com.apple.WebProcess.sb.in: 11 1 12 2022-03-28 Fujii Hironori <Hironori.Fujii@sony.com> 2 13 -
trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
r291943 r292003 455 455 456 456 ;; QuartzCore 457 (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES") 458 (allow iokit-open 459 (require-all 460 (extension "com.apple.webkit.extension.iokit") 461 (iokit-registry-entry-class "AGPMClient") 462 ) 463 (apply-message-filter 464 (deny (with telemetry) 465 iokit-async-external-method 466 iokit-external-trap 467 iokit-external-method 468 ) 469 ) 470 ) 471 ; else 472 (allow iokit-open 473 (require-all 474 (extension "com.apple.webkit.extension.iokit") 475 (iokit-registry-entry-class "AGPMClient") 476 ) 477 ) 478 ) 457 #if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED > 110000 458 (deny iokit-open (with no-log) 459 (iokit-registry-entry-class "AGPMClient")) 460 #else 461 (allow iokit-open 462 (require-all 463 (extension "com.apple.webkit.extension.iokit") 464 (iokit-registry-entry-class "AGPMClient"))) 465 #endif 466 479 467 (if (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES") 480 468 (allow iokit-open
Note: See TracChangeset
for help on using the changeset viewer.
