Revise sandbox to allow IOKit properties needed by Metal and LaunchServices
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 15 May 2019 22:27:09 +0000 (22:27 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 15 May 2019 22:27:09 +0000 (22:27 +0000)
https://bugs.webkit.org/show_bug.cgi?id=197924
<rdar://problem/50823976>

Reviewed by Per Arne Vollan.

Update sandbox to allow access to some IOKit properties to avoid sandbox violations that could
lower performance or increase launch times:

* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@245360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

index 9aed2e1..80bf8a3 100644 (file)
@@ -1,3 +1,16 @@
+2019-05-15  Brent Fulgham  <bfulgham@apple.com>
+
+        Revise sandbox to allow IOKit properties needed by Metal and LaunchServices
+        https://bugs.webkit.org/show_bug.cgi?id=197924
+        <rdar://problem/50823976>
+
+        Reviewed by Per Arne Vollan.
+
+        Update sandbox to allow access to some IOKit properties to avoid sandbox violations that could
+        lower performance or increase launch times:
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2019-05-15  Chris Dumez  <cdumez@apple.com>
 
         Unreviewed, fix assertion introduced in r245339.
index af6f30a..c4578b2 100644 (file)
     (iokit-property-regex #"Apple(GVAKeyDoesNotExist|IntelMEVABundleName)")
     (iokit-property-regex #"^AAPL,(DisplayPipe|OpenCLdisabled|IOGraphics_LER(|_RegTag_1|_RegTag_0|_Busy_2)|alias-policy|boot-display|display-alias|mux-switch-state|ndrv-dev|primary-display|slot-name)")
     (iokit-property-regex #"^ATY,(cbits|fb_(linebytes|offset|size)|intrev)")
+    (iokit-property "ATY,DeviceName") ;; Needed by Metal compilers
+    (iokit-property "ATY,FamilyName") ;; Ditto
     (iokit-property "AVCSupported")
     (iokit-property "BacklightHandle")
     (iokit-property "BlockSize")
     (iokit-property "device_type")
     (iokit-property "dpm")
     (iokit-property "errordb") ;; Needed for OpenGL on older hardware
+    (iokit-property "filevault-image") ;; Needed by LaunchServices
     (iokit-property "graphic-options")
     (iokit-property "hda-gfx")
     (iokit-property-regex #"^id(Product|Vendor)")
     (iokit-property "iofb_version")
     (iokit-property "image-encrypted")
+    (iokit-property "image-path") ;; Needed by LaunchServices
     (iokit-property "locationID") ;; Needed for Audio support on older hardware
     (iokit-property "model")
     (iokit-property "mt-device-id")
     (iokit-property "name")
     (iokit-property "nv-stats")
+    (iokit-property "od-server-name") ;; Needed by LaunchServices
     (iokit-property-regex #"^parser-(options|type)")
     (iokit-property-regex #"^pci(-aspm-default|debug)")
     (iokit-property "port-number")