Changeset 240500 in webkit


Ignore:
Timestamp:
Jan 25, 2019 1:40:11 PM (5 years ago)
Author:
pvollan@apple.com
Message:

[iOS] Deny mach lookups to services not used.
https://bugs.webkit.org/show_bug.cgi?id=193828

Reviewed by Brent Fulgham.

Start denying mach lookups to iOS services, which were previously allowed with reporting.
Living-on has indicated that these services are not used.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r240498 r240500  
     12019-01-25  Per Arne Vollan  <pvollan@apple.com>
     2
     3        [iOS] Deny mach lookups to services not used.
     4        https://bugs.webkit.org/show_bug.cgi?id=193828
     5
     6        Reviewed by Brent Fulgham.
     7
     8        Start denying mach lookups to iOS services, which were previously allowed with reporting.
     9        Living-on has indicated that these services are not used.
     10
     11        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
     12
    1132019-01-25  Brent Fulgham  <bfulgham@apple.com>
    214

  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

    r240478 r240500  
    450450    (global-name "com.apple.coremedia.videoqueue"))
    451451
    452 (allow mach-lookup (with report)
     452;; These services have been identified as unused during living-on.
     453;; This list overrides some definitions above and in common.sb.
     454;; FIXME: remove overridden rules once the final list has been
     455;; established, see https://bugs.webkit.org/show_bug.cgi?id=193840
     456(deny mach-lookup
    453457    (global-name "com.apple.AGXCompilerService")
    454458    (global-name "com.apple.CoreAuthentication.daemon.libxpc")
     
    477481    (global-name "com.apple.assertiond.processassertionconnection")
    478482    (global-name "com.apple.assertiond.processinfoservice")
    479     (global-name "com.apple.audio.AURemoteIOServer")
    480483    (global-name "com.apple.audio.AudioComponentPrefs")
    481484    (global-name "com.apple.audio.AudioQueueServer")
     
    498501    (global-name "com.apple.coremedia.capturesource")
    499502    (global-name "com.apple.coremedia.compressionsession")
    500     (global-name "com.apple.coremedia.endpoint.xpc")
    501503    (global-name "com.apple.coremedia.endpointplaybacksession.xpc")
    502504    (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")
    503505    (global-name "com.apple.coremedia.figcontentkeysession.xpc")
    504     (global-name "com.apple.coremedia.figcpecryptor")
    505506    (global-name "com.apple.coremedia.remotequeue")
    506507    (global-name "com.apple.coremedia.samplebufferaudiorenderer.xpc")
     
    532533    (global-name "com.apple.mediaserverd")
    533534    (global-name "com.apple.mobile.usermanagerd.xpc")
    534     (global-name "com.apple.mobilegestalt.xpc")
    535535    (global-name "com.apple.nehelper")
    536536    (global-name "com.apple.nesessionmanager")
Note: See TracChangeset for help on using the changeset viewer.