Changeset 294969 in webkit


Ignore:
Timestamp:
May 27, 2022 5:00:04 PM (2 years ago)
Author:
pvollan@apple.com
Message:

[macOS][GPUP] Block unused system calls
https://bugs.webkit.org/show_bug.cgi?id=240966
<rdar://84826074>

Reviewed by Chris Dumez.

  • Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:

Canonical link: https://commits.webkit.org/251073@main

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in

    r294936 r294969  
    905905           
    906906(when (and (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES") (defined? 'syscall-mach))
    907     (allow syscall-mach (with telemetry))
     907    (deny syscall-mach (with telemetry))
    908908    (allow syscall-mach (machtrap-number
    909909        MSC__kernelrpc_mach_port_allocate_trap
     
    912912        MSC__kernelrpc_mach_port_destruct_trap
    913913        MSC__kernelrpc_mach_port_extract_member_trap
     914        MSC__kernelrpc_mach_port_get_attributes_trap
    914915        MSC__kernelrpc_mach_port_guard_trap
    915916        MSC__kernelrpc_mach_port_insert_member_trap
     
    918919        MSC__kernelrpc_mach_port_request_notification_trap
    919920        MSC__kernelrpc_mach_port_type_trap
     921        MSC__kernelrpc_mach_port_unguard_trap
    920922        MSC__kernelrpc_mach_vm_allocate_trap
    921923        MSC__kernelrpc_mach_vm_deallocate_trap
    922924        MSC__kernelrpc_mach_vm_map_trap
    923925        MSC__kernelrpc_mach_vm_protect_trap
     926        MSC__kernelrpc_mach_vm_purgable_control_trap
    924927        MSC_host_create_mach_voucher_trap
    925928        MSC_host_self_trap
     929        MSC_iokit_user_client_trap
     930        MSC_mach_generate_activity_id
    926931        MSC_mach_msg_trap
    927932        MSC_mach_reply_port
    928933        MSC_mach_voucher_extract_attr_recipe_trap
     934        MSC_mk_timer_arm
     935        MSC_mk_timer_cancel
     936        MSC_mk_timer_create
     937        MSC_mk_timer_destroy
    929938        MSC_pid_for_task
    930939        MSC_semaphore_signal_trap
     940        MSC_semaphore_timedwait_trap
    931941        MSC_semaphore_wait_trap
    932942        MSC_swtch_pri
    933943        MSC_syscall_thread_switch
    934         MSC_thread_get_special_reply_port)))
     944        MSC_task_name_for_pid
     945        MSC_task_self_trap
     946        MSC_thread_get_special_reply_port))
     947
     948    (when (defined? 'MSC_mach_msg2_trap)
     949        (allow syscall-mach
     950            (machtrap-number MSC_mach_msg2_trap))))
    935951#endif // HAVE(SANDBOX_MESSAGE_FILTERING)
    936952
    937953(when (defined? 'syscall-unix)
    938     (allow syscall-unix (with telemetry))
     954    (deny syscall-unix (with telemetry))
    939955    (allow syscall-unix (syscall-number
    940956        SYS___channel_open
    941957        SYS___disable_threadsignal
    942958        SYS___mac_syscall
     959        SYS___pthread_canceled
    943960        SYS___pthread_kill
    944961        SYS___pthread_sigmask
     
    982999        SYS_getuid
    9831000        SYS_getxattr
     1001        SYS_guarded_open_np
    9841002        SYS_issetugid
    9851003        SYS_kdebug_trace
     
    10251043        SYS_rename
    10261044        SYS_sendto
     1045        SYS_setrlimit
     1046        SYS_setsockopt
    10271047        SYS_sigaltstack
    10281048        SYS_sigprocmask
Note: See TracChangeset for help on using the changeset viewer.