207488 2020-02-10 11:39:48 -0800 [iOS] Deny mach lookup access to the tccd service in the WebContent process 2020-02-11 14:22:30 -0800 1 1 1 Unclassified WebKit WebKit Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 pvollan pvollan bfulgham commit-queue darin ggaren webkit-bug-importer oldest_to_newest 1617002 0 pvollan 2020-02-10 11:39:48 -0800 As part of sandbox hardening, deny mach lookup access to the tccd service. 1617005 1 390275 pvollan 2020-02-10 11:44:40 -0800 Created attachment 390275 Patch 1617006 2 webkit-bug-importer 2020-02-10 11:45:06 -0800 <rdar://problem/59319475> 1617569 3 390275 pvollan 2020-02-11 13:00:25 -0800 Comment on attachment 390275 Patch Thanks for reviewing! 1617626 4 390275 commit-queue 2020-02-11 14:22:28 -0800 Comment on attachment 390275 Patch Clearing flags on attachment: 390275 Committed r256371: <https://trac.webkit.org/changeset/256371> 1617627 5 commit-queue 2020-02-11 14:22:30 -0800 All reviewed patches have been landed. Closing bug. 390275 2020-02-10 11:44:40 -0800 2020-02-11 14:22:28 -0800 Patch bug-207488-20200210114439.patch text/plain 3880 pvollan SW5kZXg6IFNvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJL aXQvQ2hhbmdlTG9nCShyZXZpc2lvbiAyNTYxOTcpCisrKyBTb3VyY2UvV2ViS2l0L0NoYW5nZUxv Zwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE2IEBACisyMDIwLTAyLTEwICBQZXIgQXJuZSBW b2xsYW4gIDxwdm9sbGFuQGFwcGxlLmNvbT4KKworICAgICAgICBbaU9TXSBEZW55IG1hY2ggbG9v a3VwIGFjY2VzcyB0byB0aGUgdGNjZCBzZXJ2aWNlIGluIHRoZSBXZWJDb250ZW50IHByb2Nlc3MK KyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNzQ4OAor CisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEFzIHBhcnQg b2Ygc2FuZGJveCBoYXJkZW5pbmcsIGRlbnkgbWFjaCBsb29rdXAgYWNjZXNzIHRvIHRoZSB0Y2Nk IHNlcnZpY2UuCisKKyAgICAgICAgVGVzdDogZmFzdC9zYW5kYm94L2lvcy9zYW5kYm94LW1hY2gt bG9va3VwLmh0bWwKKworICAgICAgICAqIFJlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2Nv bS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudC5zYjoKKwogMjAyMC0wMi0xMCAgRGFuaWVsIEJhdGVz ICA8ZGFiYXRlc0BhcHBsZS5jb20+CiAKICAgICAgICAgRGlzYWxsb3cgc2V0dGluZyBiYXNlIFVS TCB0byBhIGRhdGEgb3IgSmF2YVNjcmlwdCBVUkwKSW5kZXg6IFNvdXJjZS9XZWJLaXQvUmVzb3Vy Y2VzL1NhbmRib3hQcm9maWxlcy9pb3MvY29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50LnNiCj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIFNvdXJjZS9XZWJLaXQvUmVzb3VyY2VzL1NhbmRib3hQcm9maWxlcy9pb3Mv Y29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50LnNiCShyZXZpc2lvbiAyNTYxOTUpCisrKyBTb3Vy Y2UvV2ViS2l0L1Jlc291cmNlcy9TYW5kYm94UHJvZmlsZXMvaW9zL2NvbS5hcHBsZS5XZWJLaXQu V2ViQ29udGVudC5zYgkod29ya2luZyBjb3B5KQpAQCAtNjA0LDggKzYwNCw3IEBACiAgICAgKGds b2JhbC1uYW1lICJjb20uYXBwbGUuY2ZwcmVmc2QuZGFlbW9uIikpCiAKIChhbGxvdyBtYWNoLWxv b2t1cCAod2l0aCByZXBvcnQpICh3aXRoIHRlbGVtZXRyeSkKLSAgICAoZ2xvYmFsLW5hbWUgImNv bS5hcHBsZS5kaXN0cmlidXRlZF9ub3RpZmljYXRpb25zQDF2MyIpCi0gICAgKGdsb2JhbC1uYW1l ICJjb20uYXBwbGUudGNjZCIpKQorICAgIChnbG9iYWwtbmFtZSAiY29tLmFwcGxlLmRpc3RyaWJ1 dGVkX25vdGlmaWNhdGlvbnNAMXYzIikpCiAKIChhbGxvdyBpcGMtcG9zaXgtc2htLXJlYWQqCiAg ICAgICAgKGlwYy1wb3NpeC1uYW1lLXByZWZpeCAiYXBwbGUuY2ZwcmVmcy4iKSkKSW5kZXg6IExh eW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJ KHJldmlzaW9uIDI1NjE5NSkKKysrIExheW91dFRlc3RzL0NoYW5nZUxvZwkod29ya2luZyBjb3B5 KQpAQCAtMSwzICsxLDEzIEBACisyMDIwLTAyLTEwICBQZXIgQXJuZSBWb2xsYW4gIDxwdm9sbGFu QGFwcGxlLmNvbT4KKworICAgICAgICBbaU9TXSBEZW55IG1hY2ggbG9va3VwIGFjY2VzcyB0byB0 aGUgdGNjZCBzZXJ2aWNlIGluIHRoZSBXZWJDb250ZW50IHByb2Nlc3MKKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIwNzQ4OAorCisgICAgICAgIFJldmll d2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogZmFzdC9zYW5kYm94L2lvcy9zYW5k Ym94LW1hY2gtbG9va3VwLWV4cGVjdGVkLnR4dDoKKyAgICAgICAgKiBmYXN0L3NhbmRib3gvaW9z L3NhbmRib3gtbWFjaC1sb29rdXAuaHRtbDoKKwogMjAyMC0wMi0xMCAgVHJ1aXR0IFNhdmVsbCAg PHRzYXZlbGxAYXBwbGUuY29tPgogCiAgICAgICAgIFJFR1JFU1NJT046IFsgV2luIF0gY3NzMS9i b3hfcHJvcGVydGllcy9wYWRkaW5nX2xlZnQuaHRtbCBpcyBmYWlsaW5nCkluZGV4OiBMYXlvdXRU ZXN0cy9mYXN0L3NhbmRib3gvaW9zL3NhbmRib3gtbWFjaC1sb29rdXAtZXhwZWN0ZWQudHh0Cj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIExheW91dFRlc3RzL2Zhc3Qvc2FuZGJveC9pb3Mvc2FuZGJveC1tYWNoLWxv b2t1cC1leHBlY3RlZC50eHQJKHJldmlzaW9uIDI1NjE5NSkKKysrIExheW91dFRlc3RzL2Zhc3Qv c2FuZGJveC9pb3Mvc2FuZGJveC1tYWNoLWxvb2t1cC1leHBlY3RlZC50eHQJKHdvcmtpbmcgY29w eSkKQEAgLTE3LDQgKzE3LDQgQEAgUEFTUyBpbnRlcm5hbHMuaGFzU2FuZGJveE1hY2hMb29rdXBB Y2NlcwogUEFTUyBpbnRlcm5hbHMuaGFzU2FuZGJveE1hY2hMb29rdXBBY2Nlc3NUb0dsb2JhbE5h bWUoImNvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudCIsICJjb20uYXBwbGUucG93ZXJsb2cucGx4 cGNsb2dnZXIueHBjIikgaXMgZmFsc2UKIFBBU1MgaW50ZXJuYWxzLmhhc1NhbmRib3hNYWNoTG9v a3VwQWNjZXNzVG9HbG9iYWxOYW1lKCJjb20uYXBwbGUuV2ViS2l0LldlYkNvbnRlbnQiLCAiY29t LmFwcGxlLnN5c3RlbS5sb2dnZXIiKSBpcyBmYWxzZQogUEFTUyBpbnRlcm5hbHMuaGFzU2FuZGJv eE1hY2hMb29rdXBBY2Nlc3NUb0dsb2JhbE5hbWUoImNvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVu dCIsICJjb20uYXBwbGUuYWdncmVnYXRlZCIpIGlzIGZhbHNlCi0KK1BBU1MgaW50ZXJuYWxzLmhh c1NhbmRib3hNYWNoTG9va3VwQWNjZXNzVG9HbG9iYWxOYW1lKCJjb20uYXBwbGUuV2ViS2l0Lldl YkNvbnRlbnQiLCAiY29tLmFwcGxlLnRjY2QiKSBpcyBmYWxzZQpJbmRleDogTGF5b3V0VGVzdHMv ZmFzdC9zYW5kYm94L2lvcy9zYW5kYm94LW1hY2gtbG9va3VwLmh0bWwKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g TGF5b3V0VGVzdHMvZmFzdC9zYW5kYm94L2lvcy9zYW5kYm94LW1hY2gtbG9va3VwLmh0bWwJKHJl dmlzaW9uIDI1NjE5NSkKKysrIExheW91dFRlc3RzL2Zhc3Qvc2FuZGJveC9pb3Mvc2FuZGJveC1t YWNoLWxvb2t1cC5odG1sCSh3b3JraW5nIGNvcHkpCkBAIC0yMCw2ICsyMCw3IEBAIGlmICh3aW5k b3cuaW50ZXJuYWxzKSB7CiAgICAgc2hvdWxkQmVGYWxzZSgiaW50ZXJuYWxzLmhhc1NhbmRib3hN YWNoTG9va3VwQWNjZXNzVG9HbG9iYWxOYW1lKFwiY29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50 XCIsIFwiY29tLmFwcGxlLnBvd2VybG9nLnBseHBjbG9nZ2VyLnhwY1wiKSIpOwogICAgIHNob3Vs ZEJlRmFsc2UoImludGVybmFscy5oYXNTYW5kYm94TWFjaExvb2t1cEFjY2Vzc1RvR2xvYmFsTmFt ZShcImNvbS5hcHBsZS5XZWJLaXQuV2ViQ29udGVudFwiLCBcImNvbS5hcHBsZS5zeXN0ZW0ubG9n Z2VyXCIpIik7CiAgICAgc2hvdWxkQmVGYWxzZSgiaW50ZXJuYWxzLmhhc1NhbmRib3hNYWNoTG9v a3VwQWNjZXNzVG9HbG9iYWxOYW1lKFwiY29tLmFwcGxlLldlYktpdC5XZWJDb250ZW50XCIsIFwi Y29tLmFwcGxlLmFnZ3JlZ2F0ZWRcIikiKTsKKyAgICBzaG91bGRCZUZhbHNlKCJpbnRlcm5hbHMu aGFzU2FuZGJveE1hY2hMb29rdXBBY2Nlc3NUb0dsb2JhbE5hbWUoXCJjb20uYXBwbGUuV2ViS2l0 LldlYkNvbnRlbnRcIiwgXCJjb20uYXBwbGUudGNjZFwiKSIpOwogfQogPC9zY3JpcHQ+CiA8L2hl YWQ+Cg==