Changeset 254365 in webkit


Ignore:
Timestamp:
Jan 10, 2020 2:17:17 PM (4 years ago)
Author:
Brent Fulgham
Message:

Remove 'com.apple.iohideventsystem' from the WebContent process sandbox
https://bugs.webkit.org/show_bug.cgi?id=206085
<rdar://problem/36085204>

Reviewed by Alex Christensen.

After r253357 we no longer need access to 'com.apple.iohideventsystem', and should remove it from
the WebContent process sandbox.

Source/WebKit:

Test: fast/sandbox/ios/sandbox-mach-lookup.html

  • Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:

  • fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
  • fast/sandbox/ios/sandbox-mach-lookup.html:
Location:
trunk
Files:
6 edited

Legend:

Unmodified
Added
Removed

  • trunk/LayoutTests/ChangeLog

    r254364 r254365  
     12020-01-10  Brent Fulgham  <bfulgham@apple.com>
     2
     3        Remove 'com.apple.iohideventsystem' from the WebContent process sandbox
     4        https://bugs.webkit.org/show_bug.cgi?id=206085
     5        <rdar://problem/36085204>
     6
     7        Reviewed by Alex Christensen.
     8
     9        After r253357 we no longer need access to 'com.apple.iohideventsystem', and should remove it from
     10        the WebContent process sandbox.
     11
     12        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
     13        * fast/sandbox/ios/sandbox-mach-lookup.html:
     14
    1152020-01-10  Brent Fulgham  <bfulgham@apple.com>
    216

  • trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt

    r254364 r254365  
    88PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.TextInput") is false
    99PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.cookied") is false
     10PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.iohideventsystem") is false
    1011PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.locationd.registration") is false
    1112PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.nehelper") is false

  • trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html

    r254364 r254365  
    1111    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.TextInput\")");
    1212    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.cookied\")");
     13    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.iohideventsystem\")");
    1314    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.locationd.registration\")");
    1415    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.nehelper\")");

  • trunk/Source/WebKit/ChangeLog

    r254364 r254365  
     12020-01-10  Brent Fulgham  <bfulgham@apple.com>
     2
     3        Remove 'com.apple.iohideventsystem' from the WebContent process sandbox
     4        https://bugs.webkit.org/show_bug.cgi?id=206085
     5        <rdar://problem/36085204>
     6
     7        Reviewed by Alex Christensen.
     8
     9        After r253357 we no longer need access to 'com.apple.iohideventsystem', and should remove it from
     10        the WebContent process sandbox.
     11
     12        Test: fast/sandbox/ios/sandbox-mach-lookup.html
     13
     14        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
     15        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
     16
    1172020-01-10  Brent Fulgham  <bfulgham@apple.com>
    218

  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb

    r254363 r254365  
    434434    (allow mach-lookup (with report) (with telemetry)
    435435        (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
    436         (global-name "com.apple.iohideventsystem")
    437436    )
    438437

  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

    r254364 r254365  
    444444    (allow mach-lookup (with report) (with telemetry)
    445445        (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
    446         (global-name "com.apple.iohideventsystem")
    447446    )
    448447
Note: See TracChangeset for help on using the changeset viewer.