Bug 172151

Summary: [WK2][macOS] Adopt a whitelist for XPC services
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit2Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, bfulgham, commit-queue
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=172182
Bug Depends on:    
Bug Blocks: 180701    
Attachments:
Description Flags
Patch
none
Patch v2 none

Brent Fulgham
Reported 2017-05-15 17:44:39 PDT
Lock down the sandbox further by denying XPC services access by default, and only permitting connections to things we need to access.
Attachments
Patch (5.44 KB, patch)
2017-05-15 17:59 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch v2 (5.18 KB, patch)
2017-05-15 18:29 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2017-05-15 17:59:22 PDT
Created attachment 310199 [details] Patch
Brent Fulgham
Comment 2 2017-05-15 18:29:15 PDT
Created attachment 310203 [details] Patch v2
Brent Fulgham
Comment 3 2017-05-15 18:29:34 PDT
Comment on attachment 310203 [details] Patch v2 Revised patch -- some of the XPC services granted to the plugin process were not needed.
WebKit Commit Bot
Comment 4 2017-05-16 12:09:09 PDT
Comment on attachment 310203 [details] Patch v2 Clearing flags on attachment: 310203 Committed r216941: <http://trac.webkit.org/changeset/216941>
WebKit Commit Bot
Comment 5 2017-05-16 12:09:11 PDT
All reviewed patches have been landed. Closing bug.
Brent Fulgham
Comment 6 2017-05-16 12:10:16 PDT
<rdar://problem/31916325>
Note You need to log in before you can comment on or make changes to this bug.