Changeset 269867 in webkit


Ignore:
Timestamp:
Nov 16, 2020 11:52:43 AM (3 years ago)
Author:
pvollan@apple.com
Message:

[macOS] The WebContent sandbox does not apply for open source builds
https://bugs.webkit.org/show_bug.cgi?id=218982

Reviewed by Alexey Proskuryakov.

Source/WebKit:

The WebContent sandbox does not apply for open source builds on macOS, since it has enabled message filtering,
which requires a private entitlement.

  • WebProcess/com.apple.WebProcess.sb.in:

Source/WTF:

Add HAVE define for sandbox message filtering.

  • wtf/PlatformHave.h:
Location:
trunk/Source
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WTF/ChangeLog

    r269865 r269867  
     12020-11-16  Per Arne Vollan  <pvollan@apple.com>
     2
     3        [macOS] The WebContent sandbox does not apply for open source builds
     4        https://bugs.webkit.org/show_bug.cgi?id=218982
     5
     6        Reviewed by Alexey Proskuryakov.
     7
     8        Add HAVE define for sandbox message filtering.
     9
     10        * wtf/PlatformHave.h:
     11
    1122020-11-16  Megan Gardner  <megan_gardner@apple.com>
    213
  • trunk/Source/WTF/wtf/PlatformHave.h

    r269810 r269867  
    771771#define HAVE_AVCAPTUREDEVICE 1
    772772#endif
     773
     774#if PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED > 110000 && defined __has_include && __has_include(<CoreFoundation/CFPriv.h>)
     775#define HAVE_SANDBOX_MESSAGE_FILTERING 1
     776#endif
  • trunk/Source/WebKit/ChangeLog

    r269865 r269867  
     12020-11-16  Per Arne Vollan  <pvollan@apple.com>
     2
     3        [macOS] The WebContent sandbox does not apply for open source builds
     4        https://bugs.webkit.org/show_bug.cgi?id=218982
     5
     6        Reviewed by Alexey Proskuryakov.
     7
     8        The WebContent sandbox does not apply for open source builds on macOS, since it has enabled message filtering,
     9        which requires a private entitlement.
     10
     11        * WebProcess/com.apple.WebProcess.sb.in:
     12
    1132020-11-16  Megan Gardner  <megan_gardner@apple.com>
    214
  • trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

    r269792 r269867  
    113113    (allow iokit-open
    114114        (iokit-connection "IOAccelerator")
    115 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     115#if HAVE(SANDBOX_MESSAGE_FILTERING)
    116116        (with telemetry-backtrace)
    117117        (apply-message-filter
     
    128128    (allow iokit-open
    129129        (iokit-registry-entry-class "IOAccelerationUserClient")
    130 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     130#if HAVE(SANDBOX_MESSAGE_FILTERING)
    131131        (with telemetry-backtrace)
    132132        (apply-message-filter
     
    141141    (allow iokit-open
    142142        (iokit-registry-entry-class "IOSurfaceRootUserClient")
    143 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     143#if HAVE(SANDBOX_MESSAGE_FILTERING)
    144144        (with telemetry-backtrace)
    145145        (apply-message-filter
     
    156156    (allow iokit-open
    157157        (iokit-registry-entry-class "IOSurfaceSendRight")
    158 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     158#if HAVE(SANDBOX_MESSAGE_FILTERING)
    159159        (with telemetry-backtrace)
    160160        (apply-message-filter
     
    175175    (allow iokit-open
    176176        (iokit-registry-entry-class "AppleIntelMEUserClient")
    177 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     177#if HAVE(SANDBOX_MESSAGE_FILTERING)
    178178        (with telemetry-backtrace)
    179179        (apply-message-filter
     
    190190    (allow iokit-open
    191191        (iokit-registry-entry-class "AppleSNBFBUserClient")
    192 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     192#if HAVE(SANDBOX_MESSAGE_FILTERING)
    193193        (with telemetry-backtrace)
    194194        (apply-message-filter
     
    206206    (allow iokit-open
    207207        (iokit-registry-entry-class "AGPMClient")
    208 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     208#if HAVE(SANDBOX_MESSAGE_FILTERING)
    209209        (with telemetry-backtrace)
    210210        (apply-message-filter
     
    219219    (allow iokit-open
    220220        (iokit-registry-entry-class "AppleGraphicsControlClient")
    221 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     221#if HAVE(SANDBOX_MESSAGE_FILTERING)
    222222        (with telemetry-backtrace)
    223223        (apply-message-filter
     
    234234    (allow iokit-open
    235235        (iokit-registry-entry-class "AppleGraphicsPolicyClient")
    236 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     236#if HAVE(SANDBOX_MESSAGE_FILTERING)
    237237        (with telemetry-backtrace)
    238238        (apply-message-filter
     
    248248    (allow iokit-open
    249249        (iokit-registry-entry-class "AppleMGPUPowerControlClient")
    250 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     250#if HAVE(SANDBOX_MESSAGE_FILTERING)
    251251        (with telemetry-backtrace)
    252252        (apply-message-filter
     
    817817(allow iokit-open
    818818    (iokit-user-client-class "AppleUpstreamUserClient")
    819 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     819#if HAVE(SANDBOX_MESSAGE_FILTERING)
    820820    (with telemetry-backtrace)
    821821    (apply-message-filter
     
    831831(allow iokit-open
    832832    (iokit-user-client-class "RootDomainUserClient") ;; Needed by WebCore::PerformanceMonitor
    833 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     833#if HAVE(SANDBOX_MESSAGE_FILTERING)
    834834    (with telemetry-backtrace)
    835835    (apply-message-filter
     
    845845(allow iokit-open
    846846    (iokit-user-client-class "AudioAUUC") ;; <rdar://problem/10427451> && <rdar://problem/10808817>
    847 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     847#if HAVE(SANDBOX_MESSAGE_FILTERING)
    848848    (with telemetry-backtrace)
    849849    (apply-message-filter
     
    859859(allow iokit-open
    860860    (iokit-user-client-class "IOAudioControlUserClient")
    861 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     861#if HAVE(SANDBOX_MESSAGE_FILTERING)
    862862    (with telemetry-backtrace)
    863863    (apply-message-filter
     
    873873(allow iokit-open
    874874    (iokit-user-client-class "IOAudioEngineUserClient")
    875 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     875#if HAVE(SANDBOX_MESSAGE_FILTERING)
    876876    (with telemetry-backtrace)
    877877    (apply-message-filter
     
    11691169        ;; QuickTimeUSBVDCDigitizer
    11701170        (iokit-user-client-class "IOUSBDeviceUserClientV2")
    1171 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     1171#if HAVE(SANDBOX_MESSAGE_FILTERING)
    11721172        (with telemetry-backtrace)
    11731173        (apply-message-filter
     
    11821182    (allow iokit-open
    11831183        (iokit-user-client-class "IOUSBInterfaceUserClientV2")
    1184 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 110000
     1184#if HAVE(SANDBOX_MESSAGE_FILTERING)
    11851185        (with telemetry-backtrace)
    11861186        (apply-message-filter
     
    14291429#endif
    14301430
     1431#if HAVE(SANDBOX_MESSAGE_FILTERING)
    14311432(when (defined? 'mach-bootstrap)
    14321433    (allow mach-bootstrap
     
    15511552    )
    15521553)
     1554#endif // HAVE(SANDBOX_MESSAGE_FILTERING)
Note: See TracChangeset for help on using the changeset viewer.