Changeset 252211 in webkit


Timestamp:
Nov 7, 2019 3:20:01 PM (4 years ago)
Author:
pvollan@apple.com
Message:

[iOS] Add logging and telemetry to more mach lookup rules
https://bugs.webkit.org/show_bug.cgi?id=203978

Reviewed by Brent Fulgham.

Add logging and telemetry to help determine if mach lookup of these services can be denied in the WebContent process.

  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
Location:
trunk/Source/WebKit
Files:
2 edited

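--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,13 @@
+2019-11-07  Per Arne Vollan  <pvollan@apple.com>
+
+        [iOS] Add logging and telemetry to more mach lookup rules
+        https://bugs.webkit.org/show_bug.cgi?id=203978
+
+        Reviewed by Brent Fulgham.
+
+        Add logging and telemetry to help determine if mach lookup of these services can be denied in the WebContent process.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2019-11-07  Alex Christensen  <achristensen@webkit.org>
 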
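--- a/trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
+++ b/trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
@@ -123,5 +123,6 @@
 (define-once (play-audio)
     (allow mach-lookup
-           (global-name "com.apple.audio.AURemoteIOServer")
+           (global-name "com.apple.audio.AURemoteIOServer"))
+    (allow mach-lookup (with report) (with telemetry)
            (xpc-service-name "com.apple.audio.toolbox.reporting.service")))
 
@@ -202,4 +203,6 @@
     (allow mach-lookup
            (global-name "com.apple.mediaremoted.xpc"))
+    (allow mach-lookup (with report) (with telemetry)
+        (xpc-service-name "com.apple.MediaPlayer.RemotePlayerService"))
 )
 
@@ -628,5 +631,6 @@
        (ipc-posix-name-prefix "apple.cfprefs."))
 
-(allow mach-lookup
+(allow mach-lookup (with report) (with telemetry)
+    (global-name "com.apple.lsd.open")
     (global-name "com.apple.lsd.mapdb"))
 
@@ -644,4 +648,7 @@
     (allow ipc-posix-sem-open))
 
+(allow mach-lookup (with report) (with telemetry)
+    (global-name "com.apple.runningboard"))
+
 (allow system-sched
        (require-entitlement "com.apple.private.kernel.override-cpumon"))
@@ -653,4 +660,7 @@
     (allow sysctl-read sysctl-write
            (sysctl-name "vm.footprint_suspend")))
+
+(allow mach-lookup (with report) (with telemetry)
+       (global-name "com.apple.system.logger"))
 
 (allow file-read-metadata network-outbound
@@ -661,4 +671,7 @@
 (allow ipc-posix-shm-read*
        (ipc-posix-name "apple.shm.notification_center"))
+
+(allow mach-lookup (with report) (with telemetry)
+    (global-name "com.apple.diagnosticd"))
 
 (logd-diagnostic-client)
@@ -718,5 +731,5 @@
 (speech-synthesis-and-voiceover)
 
-(allow mach-lookup
+(allow mach-lookup (with report) (with telemetry)
     (global-name "com.apple.audio.AudioComponentRegistrar"))
 
@@ -762,5 +775,5 @@
 (allow file-read*
     (well-known-system-group-container-subpath "/systemgroup.com.apple.lsd.iconscache"))
-(allow mach-lookup
+(allow mach-lookup (with report) (with telemetry)
     (xpc-service-name "com.apple.iconservices")
     (global-name "com.apple.iconservices"))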
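Review bot: The rule at new lines 633–635 does more than instrument an existing allow: the old rule named only `com.apple.lsd.mapdb`, while the new one also lists `(global-name "com.apple.lsd.open")`. The rules added for `com.apple.MediaPlayer.RemotePlayerService`, `com.apple.runningboard`, `com.apple.system.logger` and `com.apple.diagnosticd` are likewise new `allow mach-lookup` entries rather than modified ones. Unless these names are already allowed elsewhere in this profile or in an imported one, which these hunks do not show, the change widens what the WebContent process can look up. It is worth confirming that each was previously reachable and stating that in the ChangeLog entry. I would also mark each instrumented rule with a comment such as `;; Telemetry only: tighten to deny once reports show no lookups (https://bugs.webkit.org/show_bug.cgi?id=203978)`, so these temporary allows are not later mistaken for required ones.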