Investigate if mach lookup access to *.apple-extension-service, *.viewservice, and...
author pvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 1 Nov 2019 20:19:11 +0000 (20:19 +0000)
committer pvollan@apple.com <pvollan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 1 Nov 2019 20:19:11 +0000 (20:19 +0000)
https://bugs.webkit.org/show_bug.cgi?id=203626

Reviewed by Alexey Proskuryakov.

Modify the allow rule for these services to include the telemetry option.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@251935 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

index f3430f7..b07f80f 100644 (file)
@@ -1,3 +1,14 @@
+2019-11-01  Per Arne Vollan  <pvollan@apple.com>
+
+        Investigate if mach lookup access to *.apple-extension-service, *.viewservice, and com.apple.uikit.viewservice.* can be denied
+        https://bugs.webkit.org/show_bug.cgi?id=203626
+
+        Reviewed by Alexey Proskuryakov.
+
+        Modify the allow rule for these services to include the telemetry option.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2019-11-01  Peng Liu  <peng.liu6@apple.com>
 
         Turn on the Picture-in-Picture API feature by default
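
Review bot: The description line in this entry ("Modify the allow rule for these services to include the telemetry option.") leaves out that the existing mach-lookup rule is split in two, and that com.apple.CARenderServer and com.apple.iohideventsystem stay in the plain allow rule without telemetry. Suggest stating that in the entry, so someone reading only the ChangeLog knows which names are being measured and which are not.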
index 932b3c1..27b3056 100644 (file)
 
     (allow mach-lookup
         (global-name "com.apple.frontboard.systemappservices")                 ; -[UIViewServiceInterface _createProcessAssertion] -> SBSProcessIDForDisplayIdentifier()
+        (global-name "com.apple.CARenderServer")
+        (global-name "com.apple.iohideventsystem")
+    )
+
+    (allow mach-lookup (with telemetry)
         (global-name-regex #"^com\.apple\.uikit\.viewservice\..+")
         (xpc-service-name-regex #"\.apple-extension-service$") ;; <rdar://problem/19525887>
         (xpc-service-name-regex #"\.viewservice$") ;; <rdar://problem/31252371>
-        (global-name "com.apple.CARenderServer")
-        (global-name "com.apple.iohideventsystem")
     )
 
     ; UIKit-required IOKit nodes.
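
Review bot: The new `(allow mach-lookup (with telemetry)` rule has no comment tying it to the investigation, so nothing in the profile marks it as a measurement step toward denying these lookups; the three patterns under it are still allowed. Suggest a comment above the rule citing https://bugs.webkit.org/show_bug.cgi?id=203626, in the same way the two xpc-service-name-regex lines already cite their rdar numbers, so the rule is revisited once the telemetry shows whether `com.apple.uikit.viewservice.*`, `*.apple-extension-service` and `*.viewservice` are still looked up.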