Bug 203697

Summary: [iOS] Fix mach lookup sandbox violations in the Mail app
Product: WebKit Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, bfulgham, commit-queue, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
ap: review+
Patch none

Description Per Arne Vollan 2019-10-31 13:59:08 PDT 
The following services are being used by the Mail app, and needs to be allowed.

1) com.apple.logd.events
2) com.apple.distributed_notifications@1v3
Comment 1 Per Arne Vollan 2019-10-31 13:59:30 PDT 
rdar://problem/56765698
Comment 2 Per Arne Vollan 2019-10-31 14:03:38 PDT 
Created attachment 382499 [details]
Patch
Comment 3 Per Arne Vollan 2019-10-31 14:32:09 PDT 
Created attachment 382501 [details]
Patch
Comment 4 Alexey Proskuryakov 2019-10-31 16:19:08 PDT 
Comment on attachment 382501 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=382501&action=review

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:624
> +(allow mach-lookup
>      (global-name "com.apple.logd.events"))
>  
>  (allow mach-lookup
> +    (global-name "com.apple.distributed_notifications@1v3"))
> +
> +(allow mach-lookup
> +    (global-name "com.apple.aggregated"))
> +
> +(allow mach-lookup
>      (global-name "com.apple.cfprefsd.daemon"))

Should these all be combined into one "allow mach-lookup" expression?
Comment 5 Per Arne Vollan 2019-10-31 16:30:50 PDT 
Created attachment 382518 [details]
Patch
Comment 6 Per Arne Vollan 2019-10-31 16:33:17 PDT 
(In reply to Alexey Proskuryakov from comment #4)
> Comment on attachment 382501 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=382501&action=review
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:624
> > +(allow mach-lookup
> >      (global-name "com.apple.logd.events"))
> >  
> >  (allow mach-lookup
> > +    (global-name "com.apple.distributed_notifications@1v3"))
> > +
> > +(allow mach-lookup
> > +    (global-name "com.apple.aggregated"))
> > +
> > +(allow mach-lookup
> >      (global-name "com.apple.cfprefsd.daemon"))
> 
> Should these all be combined into one "allow mach-lookup" expression?

Done.

Thanks for reviewing!
Comment 7 WebKit Commit Bot 2019-10-31 17:32:04 PDT 
Comment on attachment 382518 [details]
Patch

Clearing flags on attachment: 382518

Committed r251897: <https://trac.webkit.org/changeset/251897>