207487 2020-02-10 11:13:34 -0800 [iOS] Deny mach lookup access to view service in the WebContent process 2020-02-12 10:41:08 -0800 1 1 1 Unclassified WebKit WebKit Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 pvollan pvollan bfulgham commit-queue darin ggaren webkit-bug-importer oldest_to_newest 1616984 0 pvollan 2020-02-10 11:13:34 -0800 As part of sandbox hardening, mach lookup access to com.apple.uikit.viewservice should be denied. 1616985 1 pvollan 2020-02-10 11:13:54 -0800 rdar://problem/56995704 1616988 2 390271 pvollan 2020-02-10 11:17:45 -0800 Created attachment 390271 Patch 1617955 3 390271 pvollan 2020-02-12 07:12:09 -0800 Comment on attachment 390271 Patch Thanks for reviewing! 1617956 4 pvollan 2020-02-12 07:12:40 -0800 I believe the api-ios test failure is unrelated to this patch. 1617980 5 390271 commit-queue 2020-02-12 07:33:24 -0800 Comment on attachment 390271 Patch Rejecting attachment 390271 from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 390271, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit Logging in as commit-queue@webkit.org... Fetching: https://bugs.webkit.org/attachment.cgi?id=390271&action=edit Fetching: https://bugs.webkit.org/show_bug.cgi?id=207487&ctype=xml&excludefield=attachmentdata Processing 1 patch from 1 bug. Processing patch 390271 from bug 207487. Fetching: https://bugs.webkit.org/attachment.cgi?id=390271 Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Darin Adler']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Parsed 5 diffs from patch file(s). patching file Source/WebKit/ChangeLog Hunk #1 succeeded at 1 with fuzz 3. patching file Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb Hunk #1 succeeded at 422 (offset 1 line). patching file LayoutTests/ChangeLog Hunk #1 succeeded at 1 with fuzz 3. patching file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt Hunk #1 FAILED at 17. 1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt.rej patching file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html Hunk #1 FAILED at 20. 1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html.rej Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Darin Adler']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Full output: https://webkit-queues.webkit.org/results/13321362 1618031 6 bfulgham 2020-02-12 08:56:01 -0800 Looks like this didn't apply cleanly on the api-ios bot. Can you clean up and land manually? 1618084 7 pvollan 2020-02-12 10:29:36 -0800 (In reply to Brent Fulgham from comment #6) > Looks like this didn't apply cleanly on the api-ios bot. Can you clean up > and land manually? Will do! 1618095 8 pvollan 2020-02-12 10:41:08 -0800 Committed r256450: <https://trac.webkit.org/changeset/256450/webkit> 390271 2020-02-10 11:17:45 -0800 2020-02-12 07:33:24 -0800 Patch bug-207487-20200210111744.patch text/plain 4048 pvollan SW5kZXg6IFNvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJL aXQvQ2hhbmdlTG9nCShyZXZpc2lvbiAyNTYxOTUpCisrKyBTb3VyY2UvV2ViS2l0L0NoYW5nZUxv Zwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE3IEBACisyMDIwLTAyLTEwICBQZXIgQXJuZSBW b2xsYW4gIDxwdm9sbGFuQGFwcGxlLmNvbT4KKworICAgICAgICBbaU9TXSBEZW55IG1hY2ggbG9v a3VwIGFjY2VzcyB0byB2aWV3IHNlcnZpY2UgaW4gdGhlIFdlYkNvbnRlbnQgcHJvY2VzcworICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MjA3NDg3CisgICAg ICAgIDxyZGFyOi8vcHJvYmxlbS81Njk5NTcwND4KKyAgICAgICAgCisgICAgICAgIFJldmlld2Vk IGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFzIHBhcnQgb2Ygc2FuZGJveCBoYXJkZW5p bmcsIG1hY2ggbG9va3VwIGFjY2VzcyB0byBjb20uYXBwbGUudWlraXQudmlld3NlcnZpY2Ugc2hv dWxkIGJlIGRlbmllZC4KKworICAgICAgICBUZXN0OiBmYXN0L3NhbmRib3gvaW9zL3NhbmRib3gt bWFjaC1sb29rdXAuaHRtbAorCisgICAgICAgICogUmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9p b3MvY29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50LnNiOgorCiAyMDIwLTAyLTEwICBEYW5pZWwg QmF0ZXMgIDxkYWJhdGVzQGFwcGxlLmNvbT4KIAogICAgICAgICBEaXNhbGxvdyBzZXR0aW5nIGJh c2UgVVJMIHRvIGEgZGF0YSBvciBKYXZhU2NyaXB0IFVSTApJbmRleDogU291cmNlL1dlYktpdC9S ZXNvdXJjZXMvU2FuZGJveFByb2ZpbGVzL2lvcy9jb20uYXBwbGUuV2ViS2l0LldlYkNvbnRlbnQu c2IKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYktpdC9SZXNvdXJjZXMvU2FuZGJveFByb2ZpbGVz L2lvcy9jb20uYXBwbGUuV2ViS2l0LldlYkNvbnRlbnQuc2IJKHJldmlzaW9uIDI1NjA3MCkKKysr IFNvdXJjZS9XZWJLaXQvUmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9pb3MvY29tLmFwcGxlLldl YktpdC5XZWJDb250ZW50LnNiCSh3b3JraW5nIGNvcHkpCkBAIC00MjEsMTAgKzQyMSw2IEBACiAg ICAgKGFsbG93IG1hY2gtbG9va3VwCiAgICAgICAgIChnbG9iYWwtbmFtZSAiY29tLmFwcGxlLkNB UmVuZGVyU2VydmVyIikpCiAKLSAgICAoYWxsb3cgbWFjaC1sb29rdXAgKHdpdGggcmVwb3J0KSAo d2l0aCB0ZWxlbWV0cnkpCi0gICAgICAgIChnbG9iYWwtbmFtZS1yZWdleCAjIl5jb21cLmFwcGxl XC51aWtpdFwudmlld3NlcnZpY2VcLi4rIikKLSAgICApCi0KICAgICA7IFVJS2l0LXJlcXVpcmVk IElPS2l0IG5vZGVzLgogICAgIChhbGxvdyBpb2tpdC1vcGVuICAod2l0aCByZXBvcnQpICh3aXRo IHRlbGVtZXRyeSkKICAgICAgICAgKGlva2l0LXVzZXItY2xpZW50LWNsYXNzICJBcHBsZUpQRUdE cml2ZXJVc2VyQ2xpZW50IikKSW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 Ci0tLSBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHJldmlzaW9uIDI1NjA3MCkKKysrIExheW91dFRl c3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDEzIEBACisyMDIwLTAyLTEw ICBQZXIgQXJuZSBWb2xsYW4gIDxwdm9sbGFuQGFwcGxlLmNvbT4KKworICAgICAgICBbaU9TXSBE ZW55IG1hY2ggbG9va3VwIGFjY2VzcyB0byB2aWV3IHNlcnZpY2UgaW4gdGhlIFdlYkNvbnRlbnQg cHJvY2VzcworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9 MjA3NDg3CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAg KiBmYXN0L3NhbmRib3gvaW9zL3NhbmRib3gtbWFjaC1sb29rdXAtZXhwZWN0ZWQudHh0OgorICAg ICAgICAqIGZhc3Qvc2FuZGJveC9pb3Mvc2FuZGJveC1tYWNoLWxvb2t1cC5odG1sOgorCiAyMDIw LTAyLTA3ICBLYXRlIENoZW5leSAgPGthdGhlcmluZV9jaGVuZXlAYXBwbGUuY29tPgogCiAgICAg ICAgUmVncmVzc2lvbiAocjI1NjAxMSk6IGh0dHAvdGVzdHMvcmVzb3VyY2VMb2FkU3RhdGlzdGlj cy9hZ2dyZWdhdGUtc29ydGVkLWRhdGEtbm8tc3RvcmFnZS1hY2Nlc3MuaHRtbCBpcyBjb25zaXN0 ZW50bHkgZmFpbGluZwpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9zYW5kYm94L2lvcy9zYW5kYm94 LW1hY2gtbG9va3VwLWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0 L3NhbmRib3gvaW9zL3NhbmRib3gtbWFjaC1sb29rdXAtZXhwZWN0ZWQudHh0CShyZXZpc2lvbiAy NTYwNzApCisrKyBMYXlvdXRUZXN0cy9mYXN0L3NhbmRib3gvaW9zL3NhbmRib3gtbWFjaC1sb29r dXAtZXhwZWN0ZWQudHh0CSh3b3JraW5nIGNvcHkpCkBAIC0xNyw0ICsxNyw0IEBAIFBBU1MgaW50 ZXJuYWxzLmhhc1NhbmRib3hNYWNoTG9va3VwQWNjZXMKIFBBU1MgaW50ZXJuYWxzLmhhc1NhbmRi b3hNYWNoTG9va3VwQWNjZXNzVG9HbG9iYWxOYW1lKCJjb20uYXBwbGUuV2ViS2l0LldlYkNvbnRl bnQiLCAiY29tLmFwcGxlLnBvd2VybG9nLnBseHBjbG9nZ2VyLnhwYyIpIGlzIGZhbHNlCiBQQVNT IGludGVybmFscy5oYXNTYW5kYm94TWFjaExvb2t1cEFjY2Vzc1RvR2xvYmFsTmFtZSgiY29tLmFw cGxlLldlYktpdC5XZWJDb250ZW50IiwgImNvbS5hcHBsZS5zeXN0ZW0ubG9nZ2VyIikgaXMgZmFs c2UKIFBBU1MgaW50ZXJuYWxzLmhhc1NhbmRib3hNYWNoTG9va3VwQWNjZXNzVG9HbG9iYWxOYW1l KCJjb20uYXBwbGUuV2ViS2l0LldlYkNvbnRlbnQiLCAiY29tLmFwcGxlLmFnZ3JlZ2F0ZWQiKSBp cyBmYWxzZQotCitQQVNTIGludGVybmFscy5oYXNTYW5kYm94TWFjaExvb2t1cEFjY2Vzc1RvR2xv YmFsTmFtZSgiY29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50IiwgImNvbS5hcHBsZS51aWtpdC52 aWV3c2VydmljZSIpIGlzIGZhbHNlCkluZGV4OiBMYXlvdXRUZXN0cy9mYXN0L3NhbmRib3gvaW9z L3NhbmRib3gtbWFjaC1sb29rdXAuaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0 L3NhbmRib3gvaW9zL3NhbmRib3gtbWFjaC1sb29rdXAuaHRtbAkocmV2aXNpb24gMjU2MDcwKQor KysgTGF5b3V0VGVzdHMvZmFzdC9zYW5kYm94L2lvcy9zYW5kYm94LW1hY2gtbG9va3VwLmh0bWwJ KHdvcmtpbmcgY29weSkKQEAgLTIwLDYgKzIwLDcgQEAgaWYgKHdpbmRvdy5pbnRlcm5hbHMpIHsK ICAgICBzaG91bGRCZUZhbHNlKCJpbnRlcm5hbHMuaGFzU2FuZGJveE1hY2hMb29rdXBBY2Nlc3NU b0dsb2JhbE5hbWUoXCJjb20uYXBwbGUuV2ViS2l0LldlYkNvbnRlbnRcIiwgXCJjb20uYXBwbGUu cG93ZXJsb2cucGx4cGNsb2dnZXIueHBjXCIpIik7CiAgICAgc2hvdWxkQmVGYWxzZSgiaW50ZXJu YWxzLmhhc1NhbmRib3hNYWNoTG9va3VwQWNjZXNzVG9HbG9iYWxOYW1lKFwiY29tLmFwcGxlLldl YktpdC5XZWJDb250ZW50XCIsIFwiY29tLmFwcGxlLnN5c3RlbS5sb2dnZXJcIikiKTsKICAgICBz aG91bGRCZUZhbHNlKCJpbnRlcm5hbHMuaGFzU2FuZGJveE1hY2hMb29rdXBBY2Nlc3NUb0dsb2Jh bE5hbWUoXCJjb20uYXBwbGUuV2ViS2l0LldlYkNvbnRlbnRcIiwgXCJjb20uYXBwbGUuYWdncmVn YXRlZFwiKSIpOworICAgIHNob3VsZEJlRmFsc2UoImludGVybmFscy5oYXNTYW5kYm94TWFjaExv b2t1cEFjY2Vzc1RvR2xvYmFsTmFtZShcImNvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudFwiLCBc ImNvbS5hcHBsZS51aWtpdC52aWV3c2VydmljZVwiKSIpOwogfQogPC9zY3JpcHQ+CiA8L2hlYWQ+ Cg==