Changeset 293733 in webkit


Ignore:
Timestamp:
May 3, 2022 11:25:46 AM (2 years ago)
Author:
pvollan@apple.com
Message:

[iOS][GPUP] Remove Mach sandbox extensions for non browser clients
https://bugs.webkit.org/show_bug.cgi?id=240008

Reviewed by Geoffrey Garen.

Remove Mach sandbox extensions for clients that are not browsers in the GPU process on iOS. The same set of extensions
has recently been removed from the WebContent process. We also block these in the GPU process' sandbox, so there should
be no change in behavior.

  • GPUProcess/GPUProcess.cpp:

(WebKit::GPUProcess::initializeGPUProcess):

  • GPUProcess/GPUProcessCreationParameters.cpp:

(WebKit::GPUProcessCreationParameters::encode const):
(WebKit::GPUProcessCreationParameters::decode):

  • GPUProcess/GPUProcessCreationParameters.h:
  • UIProcess/GPU/GPUProcessProxy.cpp:

(WebKit::GPUProcessProxy::GPUProcessProxy):
(WebKit::nonBrowserServices): Deleted.

Location:
trunk/Source/WebKit
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r293732 r293733  
     12022-05-03  Per Arne Vollan  <pvollan@apple.com>
     2
     3        [iOS][GPUP] Remove Mach sandbox extensions for non browser clients
     4        https://bugs.webkit.org/show_bug.cgi?id=240008
     5
     6        Reviewed by Geoffrey Garen.
     7
     8        Remove Mach sandbox extensions for clients that are not browsers in the GPU process on iOS. The same set of extensions
     9        has recently been removed from the WebContent process. We also block these in the GPU process' sandbox, so there should
     10        be no change in behavior.
     11
     12        * GPUProcess/GPUProcess.cpp:
     13        (WebKit::GPUProcess::initializeGPUProcess):
     14        * GPUProcess/GPUProcessCreationParameters.cpp:
     15        (WebKit::GPUProcessCreationParameters::encode const):
     16        (WebKit::GPUProcessCreationParameters::decode):
     17        * GPUProcess/GPUProcessCreationParameters.h:
     18        * UIProcess/GPU/GPUProcessProxy.cpp:
     19        (WebKit::GPUProcessProxy::GPUProcessProxy):
     20        (WebKit::nonBrowserServices): Deleted.
     21
    1222022-05-03  Per Arne Vollan  <pvollan@apple.com>
    223

  • trunk/Source/WebKit/GPUProcess/GPUProcess.cpp

    r293285 r293733  
    254254    SandboxExtension::consumePermanently(parameters.compilerServiceExtensionHandles);
    255255    SandboxExtension::consumePermanently(parameters.dynamicIOKitExtensionHandles);
    256     SandboxExtension::consumePermanently(parameters.dynamicMachExtensionHandles);
    257256#endif
    258257

  • trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.cpp

    r290621 r293733  
    6161    encoder << compilerServiceExtensionHandles;
    6262    encoder << dynamicIOKitExtensionHandles;
    63     encoder << dynamicMachExtensionHandles;
    6463#endif
    6564
     
    112111        return false;
    113112    result.dynamicIOKitExtensionHandles = WTFMove(*dynamicIOKitExtensionHandles);
    114 
    115     std::optional<Vector<SandboxExtension::Handle>> dynamicMachExtensionHandles;
    116     decoder >> dynamicMachExtensionHandles;
    117     if (!dynamicMachExtensionHandles)
    118         return false;
    119     result.dynamicMachExtensionHandles = WTFMove(*dynamicMachExtensionHandles);
    120113#endif
    121114

  • trunk/Source/WebKit/GPUProcess/GPUProcessCreationParameters.h

    r290621 r293733  
    6161    Vector<SandboxExtension::Handle> compilerServiceExtensionHandles;
    6262    Vector<SandboxExtension::Handle> dynamicIOKitExtensionHandles;
    63     Vector<SandboxExtension::Handle> dynamicMachExtensionHandles;
    6463#endif
    6564

  • trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp

    r293562 r293733  
    8282#endif
    8383
    84 #if PLATFORM(IOS_FAMILY)
    85 static const Vector<ASCIILiteral>& nonBrowserServices()
    86 {
    87     ASSERT(isMainRunLoop());
    88     static NeverDestroyed services = Vector<ASCIILiteral> {
    89         "com.apple.iconservices"_s,
    90         "com.apple.PowerManagement.control"_s,
    91         "com.apple.frontboard.systemappservices"_s
    92     };
    93     return services;
    94 }
    95 #endif
    96 
    9784static WeakPtr<GPUProcessProxy>& singleton()
    9885{
     
    174161        parameters.dynamicIOKitExtensionHandles = SandboxExtension::createHandlesForIOKitClassExtensions(WebCore::agxCompilerClasses(), std::nullopt);
    175162    }
    176 
    177     if (!WebCore::IOSApplication::isMobileSafari())
    178         parameters.dynamicMachExtensionHandles = SandboxExtension::createHandlesForMachLookup(nonBrowserServices(), std::nullopt);
    179163#endif
    180164
Note: See TracChangeset for help on using the changeset viewer.