Changeset 256450 in webkit

Timestamp:

Feb 12, 2020 10:40:04 AM (4 years ago)

Author:

pvollan@apple.com

Message:

[iOS] Deny mach lookup access to view service in the WebContent process
​https://bugs.webkit.org/show_bug.cgi?id=207487
Source/WebKit:

<rdar://problem/56995704>

Reviewed by Darin Adler.

As part of sandbox hardening, mach lookup access to com.apple.uikit.viewservice should be denied.

Test: fast/sandbox/ios/sandbox-mach-lookup.html

• Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

LayoutTests:

Reviewed by Darin Adler.

• fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
• fast/sandbox/ios/sandbox-mach-lookup.html:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt (modified) (1 diff)
• LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html (modified) (1 diff)
• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2020-02-12  Per Arne Vollan  <pvollan@apple.com>
+
+        [iOS] Deny mach lookup access to view service in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=207487
+
+        Reviewed by Darin Adler.
+
+        * fast/sandbox/ios/sandbox-mach-lookup-expected.txt:
+        * fast/sandbox/ios/sandbox-mach-lookup.html:
+
 2020-02-12  Jacob Uphoff  <jacob_uphoff@apple.com>
 

trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt

@@ -19 +19 @@
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.aggregated") is false
 PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.tccd") is false
+PASS internals.hasSandboxMachLookupAccessToGlobalName("com.apple.WebKit.WebContent", "com.apple.uikit.viewservice") is false

trunk/LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html

@@ -22 +22 @@
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.aggregated\")");
     shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.tccd\")");
+    shouldBeFalse("internals.hasSandboxMachLookupAccessToGlobalName(\"com.apple.WebKit.WebContent\", \"com.apple.uikit.viewservice\")");
 }
 </script>

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-02-12  Per Arne Vollan  <pvollan@apple.com>
+
+        [iOS] Deny mach lookup access to view service in the WebContent process
+        https://bugs.webkit.org/show_bug.cgi?id=207487
+        <rdar://problem/56995704>
+        
+        Reviewed by Darin Adler.
+
+        As part of sandbox hardening, mach lookup access to com.apple.uikit.viewservice should be denied.
+
+        Test: fast/sandbox/ios/sandbox-mach-lookup.html
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-02-12  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

@@ -422 +422 @@
     (allow mach-lookup
         (global-name "com.apple.CARenderServer"))
-
-    (allow mach-lookup (with report) (with telemetry)
-        (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")
-    )
 
     ; UIKit-required IOKit nodes.