Bug 207482

Summary: [iOS] Deny mach lookup access to analytics service in the WebContent process
Product: WebKit
Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.
Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, commit-queue, darin, ggaren, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description: Patch
Flags: darin: review+, commit-queue: commit-queue-

Description Per Arne Vollan 2020-02-10 10:55:39 PST
As part of sandbox hardening work, this service should be denied in the WebContent process' sandbox.
Comment 1 Per Arne Vollan 2020-02-10 11:01:54 PST
Created attachment 390267
Patch
Comment 2 Radar WebKit Bug Importer 2020-02-10 11:02:22 PST
<rdar://problem/59317479>
Comment 3 Per Arne Vollan 2020-02-12 07:13:17 PST
Comment on attachment 390267
Patch

Thanks for reviewing!
Comment 4 Per Arne Vollan 2020-02-12 07:13:45 PST
I think the win test failure is unrelated to this patch.
Comment 5 WebKit Commit Bot 2020-02-12 07:33:55 PST
Comment on attachment 390267
Patch

Rejecting attachment 390267 from commit-queue.

Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 390267, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit

Logging in as commit-queue@webkit.org...
Fetching: https://bugs.webkit.org/attachment.cgi?id=390267&action=edit
Fetching: https://bugs.webkit.org/show_bug.cgi?id=207482&ctype=xml&excludefield=attachmentdata
Processing 1 patch from 1 bug.
Processing patch 390267 from bug 207482.
Fetching: https://bugs.webkit.org/attachment.cgi?id=390267
Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Darin Adler']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit

Parsed 5 diffs from patch file(s).
patching file Source/WebKit/ChangeLog
Hunk #1 succeeded at 1 with fuzz 3.
patching file Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
patching file LayoutTests/ChangeLog
Hunk #1 succeeded at 1 with fuzz 3.
patching file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt
Hunk #1 FAILED at 17.
1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt.rej
patching file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html
Hunk #1 FAILED at 20.
1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html.rej

Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Darin Adler']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit

Full output: https://webkit-queues.webkit.org/results/13321366
Comment 6 Per Arne Vollan 2020-02-12 10:53:30 PST
Committed r256455: <https://trac.webkit.org/changeset/256455/webkit>