Changeset 251935 in webkit


Ignore:
Timestamp:
Nov 1, 2019 1:19:11 PM (4 years ago)
Author:
pvollan@apple.com
Message:

Investigate if mach lookup access to *.apple-extension-service, *.viewservice, and com.apple.uikit.viewservice.* can be denied
https://bugs.webkit.org/show_bug.cgi?id=203626

Reviewed by Alexey Proskuryakov.

Modify the allow rule for these services to include the telemetry option.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit/ChangeLog

    r251925 r251935  
     12019-11-01  Per Arne Vollan  <pvollan@apple.com>
     2
     3        Investigate if mach lookup access to *.apple-extension-service, *.viewservice, and com.apple.uikit.viewservice.* can be denied
     4        https://bugs.webkit.org/show_bug.cgi?id=203626
     5
     6        Reviewed by Alexey Proskuryakov.
     7
     8        Modify the allow rule for these services to include the telemetry option.
     9
     10        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
     11
    1122019-11-01  Peng Liu  <peng.liu6@apple.com>
    213
  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

    r251897 r251935  
    426426    (allow mach-lookup
    427427        (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
     428        (global-name "com.apple.CARenderServer")
     429        (global-name "com.apple.iohideventsystem")
     430    )
     431
     432    (allow mach-lookup (with telemetry)
    428433        (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")
    429434        (xpc-service-name-regex #"\.apple-extension-service$") ;; <rdar://problem/19525887>
    430435        (xpc-service-name-regex #"\.viewservice$") ;; <rdar://problem/31252371>
    431         (global-name "com.apple.CARenderServer")
    432         (global-name "com.apple.iohideventsystem")
    433436    )
    434437
Note: See TracChangeset for help on using the changeset viewer.