Changeset 294898 in webkit


Ignore:
Timestamp:
May 26, 2022 2:29:42 PM (2 years ago)
Author:
pvollan@apple.com
Message:

[macOS][GPUP] Block unused system calls
https://bugs.webkit.org/show_bug.cgi?id=240966
<rdar://84826074>

Reviewed by Chris Dumez.

  • Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:

Canonical link: https://commits.webkit.org/251021@main

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in

    r293509 r294898  
    905905           
    906906(when (and (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES") (defined? 'syscall-mach))
    907     (allow syscall-mach (with telemetry))
     907    (deny syscall-mach (with telemetry))
    908908    (allow syscall-mach (machtrap-number
    909909        MSC__kernelrpc_mach_port_allocate_trap
     
    912912        MSC__kernelrpc_mach_port_destruct_trap
    913913        MSC__kernelrpc_mach_port_extract_member_trap
     914        MSC__kernelrpc_mach_port_get_attributes_trap
    914915        MSC__kernelrpc_mach_port_guard_trap
    915916        MSC__kernelrpc_mach_port_insert_member_trap
     
    918919        MSC__kernelrpc_mach_port_request_notification_trap
    919920        MSC__kernelrpc_mach_port_type_trap
     921        MSC__kernelrpc_mach_port_unguard_trap
    920922        MSC__kernelrpc_mach_vm_allocate_trap
    921923        MSC__kernelrpc_mach_vm_deallocate_trap
    922924        MSC__kernelrpc_mach_vm_map_trap
    923925        MSC__kernelrpc_mach_vm_protect_trap
     926        MSC__kernelrpc_mach_vm_purgable_control_trap
    924927        MSC_host_create_mach_voucher_trap
    925928        MSC_host_self_trap
     929        MSC_iokit_user_client_trap
     930        MSC_mach_generate_activity_id
    926931        MSC_mach_msg_trap
     932        MSC_mach_msg2_trap
    927933        MSC_mach_reply_port
    928934        MSC_mach_voucher_extract_attr_recipe_trap
     935        MSC_mk_timer_arm
     936        MSC_mk_timer_cancel
     937        MSC_mk_timer_create
     938        MSC_mk_timer_destroy
    929939        MSC_pid_for_task
    930940        MSC_semaphore_signal_trap
     941        MSC_semaphore_timedwait_trap
    931942        MSC_semaphore_wait_trap
    932943        MSC_swtch_pri
    933944        MSC_syscall_thread_switch
     945        MSC_task_name_for_pid
     946        MSC_task_self_trap
    934947        MSC_thread_get_special_reply_port)))
    935948#endif // HAVE(SANDBOX_MESSAGE_FILTERING)
    936949
    937950(when (defined? 'syscall-unix)
    938     (allow syscall-unix (with telemetry))
     951    (deny syscall-unix (with telemetry))
    939952    (allow syscall-unix (syscall-number
    940953        SYS___channel_open
    941954        SYS___disable_threadsignal
    942955        SYS___mac_syscall
     956        SYS___pthread_canceled
    943957        SYS___pthread_kill
    944958        SYS___pthread_sigmask
     
    982996        SYS_getuid
    983997        SYS_getxattr
     998        SYS_guarded_open_np
    984999        SYS_issetugid
    9851000        SYS_kdebug_trace
     
    10251040        SYS_rename
    10261041        SYS_sendto
     1042        SYS_setrlimit
     1043        SYS_setsockopt
    10271044        SYS_sigaltstack
    10281045        SYS_sigprocmask
Note: See TracChangeset for help on using the changeset viewer.