Summary: | [iOS] [GPU] The UI process should issue mach sandbox extensions to 'iconservices' | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Brent Fulgham <bfulgham> | ||||||||
Component: | WebKit Misc. | Assignee: | Brent Fulgham <bfulgham> | ||||||||
Status: | RESOLVED FIXED | ||||||||||
Severity: | Normal | CC: | bfulgham, pvollan | ||||||||
Priority: | P2 | Keywords: | InRadar | ||||||||
Version: | WebKit Nightly Build | ||||||||||
Hardware: | Unspecified | ||||||||||
OS: | Unspecified | ||||||||||
Attachments: |
|
Description
Brent Fulgham
2021-04-27 10:41:39 PDT
Created attachment 427166 [details]
Patch
Created attachment 427169 [details]
Patch
Comment on attachment 427169 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=427169&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:727 > +(deny mach-lookup (with telemetry-backtrace) I think the other services should be denied as well. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:952 > + "com.apple.lsd.open" I wonder if these are needed in the GPU process. Do we have telemetry for this? Comment on attachment 427169 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=427169&action=review >> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:727 >> +(deny mach-lookup (with telemetry-backtrace) > > I think the other services should be denied as well. (in the case where they are not tied to the extension) Created attachment 427204 [details]
Patch
Comment on attachment 427204 [details]
Patch
R=me
Committed r276721 (237125@main): <https://commits.webkit.org/237125@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 427204 [details]. |