Changeset 270381 in webkit
- Timestamp:
- Dec 2, 2020 5:40:53 PM (3 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebKit/ChangeLog
r270364 r270381 1 2020-12-02 Brent Fulgham <bfulgham@apple.com> 2 3 [macOS] WebContent sandbox; remove AppleIntelMEUserClient 4 https://bugs.webkit.org/show_bug.cgi?id=219012 5 <rdar://problem/70462796> 6 7 Reviewed by Eric Carlson. 8 9 Instead of globally extending access to the AppleIntelMEUserClient IOKit class, 10 only extend it when the GPU process is not in use. 11 12 * UIProcess/WebPageProxy.cpp: 13 (WebKit::gpuIOKitClasses): Add 'AppleIntelMEUserClient' as a dynamically-extended 14 IOKit class. 15 * WebProcess/com.apple.WebProcess.sb.in: Only allow 'AppleIntelMEUserClient' if it 16 was dynamically extended. 17 1 18 2020-12-02 Wenson Hsieh <wenson_hsieh@apple.com> 2 19 -
trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
r270362 r270381 7740 7740 "IOSurfaceRootUserClient"_s, 7741 7741 #endif 7742 #if PLATFORM(MAC) || PLATFORM(MACCATALYST) 7743 "AppleIntelMEUserClient"_s, 7744 #endif 7742 7745 }); 7743 7746 return services; -
trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
r270326 r270381 181 181 ;; This is needed for Encrypted Media on some hardware (MacMini8,1 for example) 182 182 (allow iokit-open 183 (iokit-registry-entry-class "AppleIntelMEUserClient") 183 (require-all 184 (extension "com.apple.webkit.extension.iokit") 185 (iokit-registry-entry-class "AppleIntelMEUserClient") 186 ) 184 187 #if HAVE(SANDBOX_MESSAGE_FILTERING) 185 188 (with telemetry-backtrace) … … 1607 1610 ) 1608 1611 ) 1612 1613 ;; FIXME: This is just for logging. Remove when the GPU process is enabled by default. 1614 ;; These should only be accessed through an iokit-extension, so log if they are not. 1615 (allow iokit-open (with report) (with telemetry-backtrace) 1616 (require-all 1617 (require-not (extension "com.apple.webkit.extension.iokit")) 1618 (iokit-registry-entry-class 1619 "AppleIntelMEUserClient" 1620 ) 1621 ) 1622 ) 1623 1609 1624 #endif // HAVE(SANDBOX_MESSAGE_FILTERING) -
trunk/Tools/ChangeLog
r270378 r270381 1 2020-12-02 Brent Fulgham <bfulgham@apple.com> 2 3 [macOS] WebContent sandbox; remove AppleIntelMEUserClient 4 https://bugs.webkit.org/show_bug.cgi?id=219012 5 <rdar://problem/70462796> 6 7 Reviewed by Eric Carlson. 8 9 Update the various sandboxes to allow the UIProcess to extend IOKit classes 10 to child processes on macOS. We already do this on iOS. 11 12 * MiniBrowser/MiniBrowser.entitlements: 13 * TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements: 14 * TestWebKitAPI/Configurations/TestWebKitAPI-macOS.entitlements: 15 * WebKitTestRunner/Configurations/WebKitTestRunner.entitlements: 16 1 17 2020-12-02 Jonathan Bedard <jbedard@apple.com> 2 18 -
trunk/Tools/MiniBrowser/MiniBrowser.entitlements
r270035 r270381 22 22 <array> 23 23 <string>(allow mach-issue-extension (require-all (extension-class "com.apple.webkit.extension.mach")))</string> 24 <string>(allow iokit-issue-extension (require-all (extension-class "com.apple.webkit.extension.iokit")))</string> 24 25 </array> 25 26 <key>com.apple.security.device.camera</key> -
trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS-internal.entitlements
r264769 r270381 14 14 <array> 15 15 <string>(allow mach-issue-extension (require-all (extension-class "com.apple.webkit.extension.mach")))</string> 16 <string>(allow iokit-issue-extension (require-all (extension-class "com.apple.webkit.extension.iokit")))</string> 16 17 </array> 17 18 </dict> -
trunk/Tools/TestWebKitAPI/Configurations/TestWebKitAPI-macOS.entitlements
r257269 r270381 10 10 <array> 11 11 <string>(allow mach-issue-extension (require-all (extension-class "com.apple.webkit.extension.mach")))</string> 12 <string>(allow iokit-issue-extension (require-all (extension-class "com.apple.webkit.extension.iokit")))</string> 12 13 </array> 13 14 </dict> -
trunk/Tools/WebKitTestRunner/Configurations/WebKitTestRunner.entitlements
r256777 r270381 2 2 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> 3 3 <plist version="1.0"> 4 <dict> 5 <key>keychain-access-groups</key> 6 <array> 7 <string>com.apple.WebKitTestRunner</string> 8 </array> 9 <key>com.apple.security.temporary-exception.sbpl</key> 10 <array> 11 <string>(allow mach-issue-extension (require-all (extension-class "com.apple.webkit.extension.mach")))</string> 12 </array> 13 </dict> 4 <dict> 5 <key>keychain-access-groups</key> 6 <array> 7 <string>com.apple.WebKitTestRunner</string> 8 </array> 9 <key>com.apple.security.temporary-exception.sbpl</key> 10 <array> 11 <string>(allow mach-issue-extension (require-all (extension-class "com.apple.webkit.extension.mach")))</string> 12 <string>(allow iokit-issue-extension (require-all (extension-class "com.apple.webkit.extension.iokit")))</string> 13 </array> 14 </dict> 14 15 </plist>
Note: See TracChangeset
for help on using the changeset viewer.