189385 2018-09-06 16:46:49 -0700 [iOS] Move default mach-lookup deny to after common.sb is imported 2018-09-07 05:28:34 -0700 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 bfulgham bfulgham achristensen bfulgham commit-queue eric.carlson youennf oldest_to_newest 1457333 0 bfulgham 2018-09-06 16:46:49 -0700 The default deny rule in our iOS sandboxes happens before we import common.sb, which potentially allows more things than we would prefer in the WebContent, Storage, or Network processes. Instead, we should first import 'common.sb', then deny all lookups so we can be sure we only enable the items we absolutely need to function. 1457334 1 bfulgham 2018-09-06 16:47:05 -0700 <rdar://problem/43624193> 1457337 2 349092 bfulgham 2018-09-06 16:49:13 -0700 Created attachment 349092 Patch 1457338 3 bfulgham 2018-09-06 16:49:43 -0700 I tested this manually on device to confirm proper function. 1457464 4 349092 commit-queue 2018-09-07 05:28:32 -0700 Comment on attachment 349092 Patch Clearing flags on attachment: 349092 Committed r235781: <https://trac.webkit.org/changeset/235781> 1457465 5 commit-queue 2018-09-07 05:28:34 -0700 All reviewed patches have been landed. Closing bug. 349092 2018-09-06 16:49:13 -0700 2018-09-07 05:28:32 -0700 Patch bug-189385-20180906164912.patch text/plain 3334 bfulgham U3VidmVyc2lvbiBSZXZpc2lvbjogMjM1NzQ0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0L0No YW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCmluZGV4IDViYjQ5ZjA3MWZhMzMxMzRm NWE1NzYxODQxYjlhYWM3Y2FhNDc4ZTEuLmQzNTkyNjMzYmVkNDcyYjUzMjNiN2IyZjkzOTU4YzM2 MzFkMjBmYWMgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCisrKyBiL1NvdXJj ZS9XZWJLaXQvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTgtMDktMDYgIEJyZW50IEZ1 bGdoYW0gIDxiZnVsZ2hhbUBhcHBsZS5jb20+CisKKyAgICAgICAgW2lPU10gTW92ZSBkZWZhdWx0 IG1hY2gtbG9va3VwIGRlbnkgdG8gYWZ0ZXIgY29tbW9uLnNiIGlzIGltcG9ydGVkCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xODkzODUKKyAgICAgICAg PHJkYXI6Ly9wcm9ibGVtLzQzNjI0MTkzPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAo T09QUyEpLgorCisgICAgICAgICogUmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9pb3MvY29tLmFw cGxlLldlYktpdC5OZXR3b3JraW5nLnNiOiBNb3ZlIHRoZSAnZGVueSBtYWNoLWxvb2t1cCcgY2Fs bCBsYXRlciBpbiB0aGUgZmlsZS4KKyAgICAgICAgKiBSZXNvdXJjZXMvU2FuZGJveFByb2ZpbGVz L2lvcy9jb20uYXBwbGUuV2ViS2l0LlN0b3JhZ2Uuc2I6IERpdHRvLgorICAgICAgICAqIFJlc291 cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudC5zYjog RGl0dG8uCisKIDIwMTgtMDktMDYgIEZyZWRlcmljIFdhbmcgIDxmd2FuZ0BpZ2FsaWEuY29tPgog CiAgICAgICAgIFVzZSBtb3JlIGdlbmVyaWMgbmFtZXMgdGhhbiAib3ZlcmZsb3ciIGZvciBmdW5j dGlvbnMgdGhhdCBjYW4gYmUgdXNlZCBmb3Igc3ViZnJhbWVzCmRpZmYgLS1naXQgYS9Tb3VyY2Uv V2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuTmV0 d29ya2luZy5zYiBiL1NvdXJjZS9XZWJLaXQvUmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9pb3Mv Y29tLmFwcGxlLldlYktpdC5OZXR3b3JraW5nLnNiCmluZGV4IDI4OTg3NzY0YjEzZDU3MGY2OTM2 MmMzNzBkMjdkMDFhYWRmYjkwZjIuLmNlZWZkZGY4MDk1NDlkNDU5MjJjYzU0YmJkZmZjMTFjOGQz ZGI2ODkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQvUmVzb3VyY2VzL1NhbmRib3hQcm9maWxl cy9pb3MvY29tLmFwcGxlLldlYktpdC5OZXR3b3JraW5nLnNiCisrKyBiL1NvdXJjZS9XZWJLaXQv UmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9pb3MvY29tLmFwcGxlLldlYktpdC5OZXR3b3JraW5n LnNiCkBAIC0yNSwxMCArMjUsMTAgQEAKIChkZW55IGRlZmF1bHQgKHdpdGggcGFydGlhbC1zeW1i b2xpY2F0aW9uKSkKIChhbGxvdyBzeXN0ZW0tYXVkaXQgZmlsZS1yZWFkLW1ldGFkYXRhKQogCi0o ZGVueSBtYWNoLWxvb2t1cCAoeHBjLXNlcnZpY2UtbmFtZS1wcmVmaXggIiIpKQotCiAoaW1wb3J0 ICJjb21tb24uc2IiKQogCisoZGVueSBtYWNoLWxvb2t1cCAoeHBjLXNlcnZpY2UtbmFtZS1wcmVm aXggIyIiKSkKKwogKGRlbnkgbHNvcGVuKQogCiAoZGVueSBzeXNjdGwqKQpkaWZmIC0tZ2l0IGEv U291cmNlL1dlYktpdC9SZXNvdXJjZXMvU2FuZGJveFByb2ZpbGVzL2lvcy9jb20uYXBwbGUuV2Vi S2l0LlN0b3JhZ2Uuc2IgYi9Tb3VyY2UvV2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMv aW9zL2NvbS5hcHBsZS5XZWJLaXQuU3RvcmFnZS5zYgppbmRleCBlODlkNzU3ZTRhMThmNWFlZGVh OTEzNGVkYmI3MGJlNmIzOWZiZDRkLi5kZjk3ODNiMTcxYzBmZGU3ZjY4MjIyZWIyYjFlZThkY2I3 MDY1NTc5IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmls ZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuU3RvcmFnZS5zYgorKysgYi9Tb3VyY2UvV2ViS2l0L1Jl c291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuU3RvcmFnZS5zYgpA QCAtMSw0ICsxLDQgQEAKLTsgQ29weXJpZ2h0IChDKSAyMDE0IEFwcGxlIEluYy4gQWxsIHJpZ2h0 cyByZXNlcnZlZC4KKzsgQ29weXJpZ2h0IChDKSAyMDE0LTIwMTggQXBwbGUgSW5jLiBBbGwgcmln aHRzIHJlc2VydmVkLgogOwogOyBSZWRpc3RyaWJ1dGlvbiBhbmQgdXNlIGluIHNvdXJjZSBhbmQg YmluYXJ5IGZvcm1zLCB3aXRoIG9yIHdpdGhvdXQKIDsgbW9kaWZpY2F0aW9uLCBhcmUgcGVybWl0 dGVkIHByb3ZpZGVkIHRoYXQgdGhlIGZvbGxvd2luZyBjb25kaXRpb25zCkBAIC0yNSwxMCArMjUs MTAgQEAKIChkZW55IGRlZmF1bHQgKHdpdGggcGFydGlhbC1zeW1ib2xpY2F0aW9uKSkKIChhbGxv dyBzeXN0ZW0tYXVkaXQgZmlsZS1yZWFkLW1ldGFkYXRhKQogCi0oZGVueSBtYWNoLWxvb2t1cCAo eHBjLXNlcnZpY2UtbmFtZS1wcmVmaXggIiIpKQotCiAoaW1wb3J0ICJjb21tb24uc2IiKQogCiso ZGVueSBtYWNoLWxvb2t1cCAoeHBjLXNlcnZpY2UtbmFtZS1wcmVmaXggIyIiKSkKKwogKGRlbnkg bHNvcGVuKQogCiAoYWxsb3cgZmlsZS1yZWFkKiBmaWxlLXdyaXRlKiAoZXh0ZW5zaW9uICJjb20u YXBwbGUuYXBwLXNhbmRib3gucmVhZC13cml0ZSIpKQpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktp dC9SZXNvdXJjZXMvU2FuZGJveFByb2ZpbGVzL2lvcy9jb20uYXBwbGUuV2ViS2l0LldlYkNvbnRl bnQuc2IgYi9Tb3VyY2UvV2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5h cHBsZS5XZWJLaXQuV2ViQ29udGVudC5zYgppbmRleCAzYTk3M2QwNDY0YWQ0ODJhNTM3M2YzMDU5 YmNiNWRhOGU0Nzc4NTEzLi4xZWQ4MjRmOTQ5YjZkYmM0MWRjNDkxNjgxMWEwNTFkMzQxZjJhNDRi IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9z L2NvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudC5zYgorKysgYi9Tb3VyY2UvV2ViS2l0L1Jlc291 cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudC5zYgpA QCAtMjUsMTAgKzI1LDEwIEBACiAoZGVueSBkZWZhdWx0ICh3aXRoIHBhcnRpYWwtc3ltYm9saWNh dGlvbikpCiAoYWxsb3cgc3lzdGVtLWF1ZGl0IGZpbGUtcmVhZC1tZXRhZGF0YSkKIAotKGRlbnkg bWFjaC1sb29rdXAgKHhwYy1zZXJ2aWNlLW5hbWUtcHJlZml4ICIiKSkKLQogKGltcG9ydCAiY29t bW9uLnNiIikKIAorKGRlbnkgbWFjaC1sb29rdXAgKHhwYy1zZXJ2aWNlLW5hbWUtcHJlZml4ICMi IikpCisKIChkZW55IGxzb3BlbikKIAogOzs7Cg==