Changeset 213564 in webkit
- Timestamp:
- Mar 7, 2017 8:49:26 PM (7 years ago)
- Location:
- trunk/Source/WebKit2
- Files:
-
- 5 edited
-
ChangeLog (modified) (1 diff)
-
DatabaseProcess/mac/com.apple.WebKit.Databases.sb.in (modified) (1 diff)
-
NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (modified) (1 diff)
-
PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in (modified) (1 diff)
-
WebProcess/com.apple.WebProcess.sb.in (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit2/ChangeLog
r213557 r213564 1 2017-03-07 Brent Fulgham <bfulgham@apple.com> 2 3 [Mac][WK2] Whitelist iokit-get-properties 4 https://bugs.webkit.org/show_bug.cgi?id=169331 5 <rdar://problem/16363632> 6 7 Reviewed by Alex Christensen. 8 9 Block access to all IOKit properties by default. Turn on only those properties 10 that are actually needed by our engine. 11 12 * DatabaseProcess/mac/com.apple.WebKit.Databases.sb.in: 13 * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in: 14 * PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in: 15 * WebProcess/com.apple.WebProcess.sb.in: 16 1 17 2017-03-07 Simon Fraser <simon.fraser@apple.com> 2 18 -
trunk/Source/WebKit2/DatabaseProcess/mac/com.apple.WebKit.Databases.sb.in
r213544 r213564 41 41 "hw.model" 42 42 "kern.memorystatus_level")) 43 44 (deny iokit-get-properties) 43 45 #endif 44 46 -
trunk/Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in
r213544 r213564 41 41 "hw.model" 42 42 "kern.memorystatus_level")) 43 44 (deny iokit-get-properties) 43 45 #endif 44 46 -
trunk/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in
r213544 r213564 41 41 "hw.model" 42 42 "kern.memorystatus_level")) 43 44 (deny iokit-get-properties) 45 (allow iokit-get-properties 46 (iokit-property "AllowDisplaySleep") 47 (iokit-property "DisplayRouting") 48 (iokit-property-regex #"^IOAudioControl(ChannelID|ID|SubType|Usage)") 49 (iokit-property-regex #"^IOAudioDevice(CanBeDefaults|TransportType)") 50 (iokit-property-regex #"^IOAudioEngine(ChannelNames|ClientDescription|CoreAudioPlugIn|Description|Flavor|GlobalUniqueID|OutputChannelLayout|SampleOffset|State)") 51 (iokit-property-regex #"^IOAudioEngineClock(Domain|IsStable)") 52 (iokit-property "IOAudioEngineDisableClockBoundsCheck") 53 (iokit-property-regex #"^IOAudioEngine(Input|Output)Sample(Latency|Offset)") 54 (iokit-property-regex #"^IOAudioEngineNum(ActiveUserClients|SampleFramesPerBuffer)") 55 (iokit-property "IOAudioSampleRate") 56 (iokit-property "IOAudioStreamSampleFormatByteOrder") 57 (iokit-property "IOClassNameOverride") 58 (iokit-property "IOConsoleUsers") 59 (iokit-property "IOFBCurrentPixelClock") 60 (iokit-property-regex #"^IOFBCurrentPixelCount(Real)") 61 (iokit-property "IOGeneralInterest") 62 (iokit-property "IOGLBundleName") 63 (iokit-property "IOScreenRestoreState") 64 (iokit-property "IOVARendererID") 65 (iokit-property-regex #"^MetalPlugin(Name|ClassName)") 66 (iokit-property "SupportAudioAUUC") 67 (iokit-property "board-id") 68 (iokit-property "idProduct") 69 (iokit-property "idVendor")) 43 70 #endif 44 71 -
trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in
r213544 r213564 44 44 "hw.model" 45 45 "kern.memorystatus_level")) 46 47 (deny iokit-get-properties) 48 (allow iokit-get-properties 49 (iokit-property "AllowDisplaySleep") 50 (iokit-property "AAPL,mux-switch-state") 51 (iokit-property-regex #"^ATY,fb_(linebytes|offset|size)") 52 (iokit-property "CFBundleIdentifier") 53 (iokit-property "DisplayRouting") 54 (iokit-property-regex #"^IOAccel(Index|Types|Revision)") 55 (iokit-property-regex #"^IO(Class|MatchCategory|NameMatch)") 56 (iokit-property-regex #"^IOAudioControl(ChannelID|ID|SubType|Usage)") 57 (iokit-property-regex #"^IOAudioDevice(CanBeDefaults|TransportType)") 58 (iokit-property-regex #"^IOAudioEngine(ChannelNames|ClientDescription|CoreAudioPlugIn|Description|Flavor|GlobalUniqueID|OutputChannelLayout|SampleOffset|State)") 59 (iokit-property-regex #"^IOAudioEngineClock(Domain|IsStable)") 60 (iokit-property "IOAudioEngineDisableClockBoundsCheck") 61 (iokit-property-regex #"^IOAudioEngine(Input|Output)Sample(Latency|Offset)") 62 (iokit-property-regex #"^IOAudioEngineNum(ActiveUserClients|SampleFramesPerBuffer)") 63 (iokit-property "IOAudioSampleRate") 64 (iokit-property "IOAudioStreamSampleFormatByteOrder") 65 (iokit-property "IOCFPlugInTypes") 66 (iokit-property-regex #"^IOClass(|NameOverride)") 67 (iokit-property "IOConsoleUsers") 68 (iokit-property "IODVDBundleName") 69 (iokit-property "IODisplayParameters") 70 (iokit-property-regex #"^IOFB(CLUTDefer|Config|CursorInfo|Dependent(ID|Index))") 71 (iokit-property "IOFBCurrentPixelClock") 72 (iokit-property-regex #"^IOFBCurrentPixelCount(|Real)") 73 (iokit-property-regex #"^IOFB(DetailedTimings|Gamma(Count|HeaderSize|Width))") 74 (iokit-property-regex #"^IOFBI2CInterface(IDs|Info)") 75 (iokit-property-regex #"^IOFB(MemorySize|NeedsRefresh|ProbeOptions|ScalerInfo|TimingRange|Transform|UIScale|WaitCursor(Frames|Period))") 76 (iokit-property "IOFramebufferOpenGLIndex") 77 (iokit-property "IOGeneralInterest") 78 (iokit-property "IOGLBundleName") 79 (iokit-property-regex #"^IOGVA(Codec|EncoderRestricted)") 80 (iokit-property "IOMatchCategory") 81 (iokit-property-regex #"^IONameMatch(|ed)") 82 (iokit-property "IOPMStrictTreeOrder") 83 (iokit-property "IOPowerManagement") 84 (iokit-property "IOProbeScore") 85 (iokit-property "IOProviderClass") 86 (iokit-property "IOScreenRestoreState") 87 (iokit-property "IOVARendererID") 88 (iokit-property-regex #"^MetalPlugin(Name|ClassName)") 89 (iokit-property "Protocol Characteristics") 90 (iokit-property "SupportAudioAUUC") 91 (iokit-property-regex #"^audio-(codec-info|selector)") 92 (iokit-property "av-signal-type") 93 (iokit-property "board-id") 94 (iokit-property "boot-gamma-restored") 95 (iokit-property "graphic-options") 96 (iokit-property "idProduct") 97 (iokit-property "idVendor") 98 (iokit-property "iofb_version") 99 (iokit-property "startup-timing")) 46 100 #endif 47 101
Note: See TracChangeset
for help on using the changeset viewer.
