Bug 225111

Summary: [iOS] [GPU] The UI process should issue mach sandbox extensions to 'iconservices'
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, pvollan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
ews-feeder: commit-queue-
Patch
none
Patch none

Brent Fulgham
Reported 2021-04-27 10:41:39 PDT
In Bug 205443 we did work to extend access to non-web-browsing services to the WebContent process only when needed. This was lost in the transition to the GPU Process, and should be added back. <rdar://problem/68366888>
Attachments
Patch (9.14 KB, patch)
2021-04-27 10:52 PDT, Brent Fulgham 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (9.15 KB, patch)
2021-04-27 10:56 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch (9.24 KB, patch)
2021-04-27 15:33 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2021-04-27 10:52:02 PDT
Created attachment 427166 [details] Patch
Brent Fulgham
Comment 2 2021-04-27 10:56:32 PDT
Created attachment 427169 [details] Patch
Per Arne Vollan
Comment 3 2021-04-27 11:46:27 PDT
Comment on attachment 427169 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=427169&action=review > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:727 > +(deny mach-lookup (with telemetry-backtrace) I think the other services should be denied as well. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:952 > + "com.apple.lsd.open" I wonder if these are needed in the GPU process. Do we have telemetry for this?
Per Arne Vollan
Comment 4 2021-04-27 12:22:26 PDT
Comment on attachment 427169 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=427169&action=review >> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:727 >> +(deny mach-lookup (with telemetry-backtrace) > > I think the other services should be denied as well. (in the case where they are not tied to the extension)
Brent Fulgham
Comment 5 2021-04-27 15:33:42 PDT
Created attachment 427204 [details] Patch
Per Arne Vollan
Comment 6 2021-04-27 17:03:41 PDT
Comment on attachment 427204 [details] Patch R=me
EWS
Comment 7 2021-04-28 10:27:42 PDT
Committed r276721 (237125@main): <https://commits.webkit.org/237125@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 427204 [details].
Note You need to log in before you can comment on or make changes to this bug.