232247 2021-10-25 10:29:53 -0700 [macOS][GPUP] Remove sandbox write access to files 2021-11-12 08:39:09 -0800 1 1 1 Unclassified WebKit WebKit Misc. WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 pvollan pvollan bfulgham gavin.p mazander webkit-bug-importer oldest_to_newest 1808452 0 pvollan 2021-10-25 10:29:53 -0700 Based on telemetry, remove sandbox write access to files in the GPU process on macOS. 1808454 1 webkit-bug-importer 2021-10-25 10:30:33 -0700 <rdar://problem/84620023> 1808455 2 442382 pvollan 2021-10-25 10:31:57 -0700 Created attachment 442382 Patch 1813797 3 442382 bfulgham 2021-11-10 14:34:37 -0800 Comment on attachment 442382 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=442382&action=review r=me > Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:-107 > - (vnode-type REGULAR-FILE))) Are we confident this isn't needed to support crash reporting? 1814426 4 pvollan 2021-11-12 07:27:36 -0800 (In reply to Brent Fulgham from comment #3) > Comment on attachment 442382 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=442382&action=review > > r=me > > > Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:-107 > > - (vnode-type REGULAR-FILE))) > > Are we confident this isn't needed to support crash reporting? I have tried terminating the WebContent process, which also has this rule, and no files are created in '/cores', so I believe we can remove this access. Thanks for reviewing! 1814427 5 ews-feeder 2021-11-12 07:29:01 -0800 Tools/Scripts/svn-apply failed to apply attachment 442382 to trunk. Please resolve the conflicts and upload a new patch. 1814445 6 444069 pvollan 2021-11-12 08:10:12 -0800 Created attachment 444069 Patch 1814468 7 ews-feeder 2021-11-12 08:39:07 -0800 Committed r285723 (244182@main): <https://commits.webkit.org/244182@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 444069. 442382 2021-10-25 10:31:57 -0700 2021-11-12 07:29:02 -0800 Patch bug-232247-20211025103156.patch text/plain 1789 pvollan SW5kZXg6IFNvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJL aXQvQ2hhbmdlTG9nCShyZXZpc2lvbiAyODQ3ODkpCisrKyBTb3VyY2UvV2ViS2l0L0NoYW5nZUxv Zwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDIxLTEwLTI1ICBQZXIgQXJuZSAg PHB2b2xsYW5AYXBwbGUuY29tPgorCisgICAgICAgIFttYWNPU11bR1BVUF0gUmVtb3ZlIHNhbmRi b3ggd3JpdGUgYWNjZXNzIHRvIGZpbGVzCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD0yMzIyNDcKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzg0NjIwMDIz PgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIEJhc2Vk IG9uIHRlbGVtZXRyeSwgcmVtb3ZlIHNhbmRib3ggd3JpdGUgYWNjZXNzIHRvIGZpbGVzIGluIHRo ZSBHUFUgcHJvY2VzcyBvbiBtYWNPUy4KKworICAgICAgICAqIEdQVVByb2Nlc3MvbWFjL2NvbS5h cHBsZS5XZWJLaXQuR1BVUHJvY2Vzcy5zYi5pbjoKKwogMjAyMS0xMC0yNSAgV2Vuc29uIEhzaWVo ICA8d2Vuc29uX2hzaWVoQGFwcGxlLmNvbT4KIAogICAgICAgICBSRUdSRVNTSU9OIChyMjg0MDc5 KTogQXVkaW8gY29udGludWVzIHBsYXlpbmcgb24gaHVsdS5jb20gaW4gcHJpdmF0ZSBicm93c2lu ZyBtb2RlIGFmdGVyIGNsb3NpbmcgdGhlIHRhYgpJbmRleDogU291cmNlL1dlYktpdC9HUFVQcm9j ZXNzL21hYy9jb20uYXBwbGUuV2ViS2l0LkdQVVByb2Nlc3Muc2IuaW4KPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g U291cmNlL1dlYktpdC9HUFVQcm9jZXNzL21hYy9jb20uYXBwbGUuV2ViS2l0LkdQVVByb2Nlc3Mu c2IuaW4JKHJldmlzaW9uIDI4NDc4MykKKysrIFNvdXJjZS9XZWJLaXQvR1BVUHJvY2Vzcy9tYWMv Y29tLmFwcGxlLldlYktpdC5HUFVQcm9jZXNzLnNiLmluCSh3b3JraW5nIGNvcHkpCkBAIC05MCwy MiArOTAsOSBAQAogICAgIChsaXRlcmFsICIvcHJpdmF0ZS9ldGMvbWFzdGVyLnBhc3N3ZCIpCiAg ICAgKGxpdGVyYWwgIi9wcml2YXRlL2V0Yy9wYXNzd2QiKSkKIAotKGFsbG93IGZpbGUtcmVhZCoK LSAgICAgICBmaWxlLXdyaXRlLWRhdGEgKHdpdGggdGVsZW1ldHJ5KQotICAgIChsaXRlcmFsICIv ZGV2L251bGwiKQotICAgIChsaXRlcmFsICIvZGV2L3plcm8iKSkKLQotKGFsbG93IGZpbGUtcmVh ZCoKLSAgICAobGl0ZXJhbCAiL2Rldi9kdHJhY2VoZWxwZXIiKSkKLShhbGxvdyBmaWxlLXdyaXRl LWRhdGEKLSAgICAgICBmaWxlLWlvY3RsICh3aXRoIHRlbGVtZXRyeSkKKyhhbGxvdyBmaWxlLXJl YWQqIGZpbGUtd3JpdGUtZGF0YSBmaWxlLWlvY3RsCiAgICAgKGxpdGVyYWwgIi9kZXYvZHRyYWNl aGVscGVyIikpCiAKLTs7OyBBbGxvdyBjcmVhdGlvbiBvZiBjb3JlIGR1bXBzLgotKGFsbG93IGZp bGUtd3JpdGUtY3JlYXRlICh3aXRoIHRlbGVtZXRyeSkKLSAgICAocmVxdWlyZS1hbGwgKHByZWZp eCAiL2NvcmVzLyIpCi0gICAgICAgICh2bm9kZS10eXBlIFJFR1VMQVItRklMRSkpKQotCiA7Ozsg QWxsb3cgSVBDIHRvIHN0YW5kYXJkIHN5c3RlbSBhZ2VudHMuCiAoYWxsb3cgaXBjLXBvc2l4LXNo bS1yZWFkKiAod2l0aCB0ZWxlbWV0cnkpCiAgICAgKGlwYy1wb3NpeC1uYW1lICJhcHBsZS5zaG0u bm90aWZpY2F0aW9uX2NlbnRlciIpCg== 444069 2021-11-12 08:10:12 -0800 2021-11-12 08:39:08 -0800 Patch bug-232247-20211112081010.patch text/plain 1676 pvollan SW5kZXg6IFNvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJL aXQvQ2hhbmdlTG9nCShyZXZpc2lvbiAyODU2ODApCisrKyBTb3VyY2UvV2ViS2l0L0NoYW5nZUxv Zwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDIxLTExLTEyICBQZXIgQXJuZSBW b2xsYW4gPHB2b2xsYW5AYXBwbGUuY29tPgorCisgICAgICAgIFttYWNPU11bR1BVUF0gUmVtb3Zl IHNhbmRib3ggd3JpdGUgYWNjZXNzIHRvIGZpbGVzCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJr aXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMzIyNDcKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzg0 NjIwMDIzPgorCisgICAgICAgIFJldmlld2VkIGJ5IEJyZW50IEZ1bGdoYW0uCisKKyAgICAgICAg QmFzZWQgb24gdGVsZW1ldHJ5LCByZW1vdmUgc2FuZGJveCB3cml0ZSBhY2Nlc3MgdG8gZmlsZXMg aW4gdGhlIEdQVSBwcm9jZXNzIG9uIG1hY09TLgorCisgICAgICAgICogR1BVUHJvY2Vzcy9tYWMv Y29tLmFwcGxlLldlYktpdC5HUFVQcm9jZXNzLnNiLmluOgorCiAyMDIxLTExLTExICBXZW5zb24g SHNpZWggIDx3ZW5zb25faHNpZWhAYXBwbGUuY29tPgogCiAgICAgICAgIE1vdmUgaW1hZ2Ugb3Zl cmxheSBjb2RlIG91dCBvZiBIVE1MRWxlbWVudCBhbmQgaW50byBhIHNlcGFyYXRlIGhlbHBlciBm aWxlCkluZGV4OiBTb3VyY2UvV2ViS2l0L0dQVVByb2Nlc3MvbWFjL2NvbS5hcHBsZS5XZWJLaXQu R1BVUHJvY2Vzcy5zYi5pbgo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0L0dQVVByb2Nlc3Mv bWFjL2NvbS5hcHBsZS5XZWJLaXQuR1BVUHJvY2Vzcy5zYi5pbgkocmV2aXNpb24gMjg1NjgwKQor KysgU291cmNlL1dlYktpdC9HUFVQcm9jZXNzL21hYy9jb20uYXBwbGUuV2ViS2l0LkdQVVByb2Nl c3Muc2IuaW4JKHdvcmtpbmcgY29weSkKQEAgLTc0LDIwICs3NCw4IEBACiAgICAgKGxpdGVyYWwg Ii9kZXYvcmFuZG9tIikKICAgICAobGl0ZXJhbCAiL3ByaXZhdGUvZXRjL3Bhc3N3ZCIpKQogCi0o YWxsb3cgZmlsZS13cml0ZS1kYXRhICh3aXRoIHRlbGVtZXRyeSkKLSAgICAobGl0ZXJhbCAiL2Rl di9udWxsIikKLSAgICAobGl0ZXJhbCAiL2Rldi96ZXJvIikpCi0KLShhbGxvdyBmaWxlLXJlYWQq CisoYWxsb3cgZmlsZS1yZWFkKiBmaWxlLXdyaXRlLWRhdGEgZmlsZS1pb2N0bAogICAgIChsaXRl cmFsICIvZGV2L2R0cmFjZWhlbHBlciIpKQotKGFsbG93IGZpbGUtd3JpdGUtZGF0YQotICAgICAg IGZpbGUtaW9jdGwgKHdpdGggdGVsZW1ldHJ5KQotICAgIChsaXRlcmFsICIvZGV2L2R0cmFjZWhl bHBlciIpKQotCi07OzsgQWxsb3cgY3JlYXRpb24gb2YgY29yZSBkdW1wcy4KLShhbGxvdyBmaWxl LXdyaXRlLWNyZWF0ZSAod2l0aCB0ZWxlbWV0cnkpCi0gICAgKHJlcXVpcmUtYWxsIChwcmVmaXgg Ii9jb3Jlcy8iKQotICAgICAgICAodm5vZGUtdHlwZSBSRUdVTEFSLUZJTEUpKSkKIAogOzs7IEFs bG93IElQQyB0byBzdGFuZGFyZCBzeXN0ZW0gYWdlbnRzLgogKGFsbG93IGlwYy1wb3NpeC1zaG0t cmVhZCogKHdpdGggdGVsZW1ldHJ5KQo=