[iOS] Deny mach lookups to services not used.
author pvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 25 Jan 2019 21:40:11 +0000 (21:40 +0000)
committer pvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 25 Jan 2019 21:40:11 +0000 (21:40 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193828

Reviewed by Brent Fulgham.

Start denying mach lookups to iOS services, which were previously allowed with reporting.
Living-on has indicated that these services are not used.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240500 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

index 63628a1..17e4a7e 100644 (file)
@@ -1,3 +1,15 @@
+2019-01-25  Per Arne Vollan  <pvollan@apple.com>
+
+        [iOS] Deny mach lookups to services not used.
+        https://bugs.webkit.org/show_bug.cgi?id=193828
+
+        Reviewed by Brent Fulgham.
+
+        Start denying mach lookups to iOS services, which were previously allowed with reporting.
+        Living-on has indicated that these services are not used.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2019-01-25  Brent Fulgham  <bfulgham@apple.com>
 
         Activate the WebResourceLoadStatisticsStore in the NetworkProcess and deactivate it in the UIProcess.
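Review bot: The file line `* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:` that closes the new entry has no description after the colon. The entry says the services move from allowed with reporting to denied, but the same commit also takes four names out of the list altogether (com.apple.audio.AURemoteIOServer, com.apple.coremedia.endpoint.xpc, com.apple.coremedia.figcpecryptor, com.apple.mobilegestalt.xpc). Record that on the file line, with the reason, so that someone auditing the profile later can tell these were left out deliberately.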
index 3583326..209f46c 100644 (file)
     (global-name "com.apple.coremedia.decompressionsession")
     (global-name "com.apple.coremedia.videoqueue"))
 
-(allow mach-lookup (with report)
+;; These services have been identified as unused during living-on.
+;; This list overrides some definitions above and in common.sb.
+;; FIXME: remove overridden rules once the final list has been
+;; established, see https://bugs.webkit.org/show_bug.cgi?id=193840
+(deny mach-lookup
     (global-name "com.apple.AGXCompilerService")
     (global-name "com.apple.CoreAuthentication.daemon.libxpc")
     (global-name "com.apple.FileCoordination")
     (global-name "com.apple.assertiond.expiration")
     (global-name "com.apple.assertiond.processassertionconnection")
     (global-name "com.apple.assertiond.processinfoservice")
-    (global-name "com.apple.audio.AURemoteIOServer")
     (global-name "com.apple.audio.AudioComponentPrefs")
     (global-name "com.apple.audio.AudioQueueServer")
     (global-name "com.apple.audio.SystemSoundServer-iOS")
     (global-name "com.apple.coremedia.capturesession")
     (global-name "com.apple.coremedia.capturesource")
     (global-name "com.apple.coremedia.compressionsession")
-    (global-name "com.apple.coremedia.endpoint.xpc")
     (global-name "com.apple.coremedia.endpointplaybacksession.xpc")
     (global-name "com.apple.coremedia.endpointremotecontrolsession.xpc")
     (global-name "com.apple.coremedia.figcontentkeysession.xpc")
-    (global-name "com.apple.coremedia.figcpecryptor")
     (global-name "com.apple.coremedia.remotequeue")
     (global-name "com.apple.coremedia.samplebufferaudiorenderer.xpc")
     (global-name "com.apple.coremedia.samplebufferrendersynchronizer.xpc")
     (global-name "com.apple.marco")
     (global-name "com.apple.mediaserverd")
     (global-name "com.apple.mobile.usermanagerd.xpc")
-    (global-name "com.apple.mobilegestalt.xpc")
     (global-name "com.apple.nehelper")
     (global-name "com.apple.nesessionmanager")
     (global-name "com.apple.pegasus")
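Review bot: Four names are deleted from the list rather than carried under the new `(deny mach-lookup` form: com.apple.audio.AURemoteIOServer, com.apple.coremedia.endpoint.xpc, com.apple.coremedia.figcpecryptor and com.apple.mobilegestalt.xpc. Nothing in this hunk shows which rule covers them now, so they lose the `(with report)` allow without visibly gaining either an allow or a deny. Please confirm which rule above or in common.sb applies to each and say so in the comment. Separately, the new comment states that this list overrides definitions above and in common.sb, so the denial depends on this block staying below the rules it overrides. Until bug 193840 removes those overridden rules, add a line to the comment saying the block must remain after them, so that a later reordering or a newly appended allow does not quietly re-enable these services.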