Bug 233129

Summary: [iOS] Block access to unused resources in the Networking process' sandbox
Product: WebKit
Reporter: Per Arne Vollan <pvollan>
Component: WebKit Misc.
Assignee: Per Arne Vollan <pvollan>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, gavin.p, mazander, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments (Description: Flags):
Patch: none
Patch: none
Patch: bfulgham: review+
Patch: none
Patch: none

Description Per Arne Vollan 2021-11-15 07:48:29 PST
Based on telemetry, block access to unused resources in the Networking process' sandbox on iOS.
Comment 1 Radar WebKit Bug Importer 2021-11-15 07:51:32 PST
<rdar://problem/85411927>
Comment 2 Per Arne Vollan 2021-11-15 07:53:26 PST
Created attachment 444254 [details]
Patch
Comment 3 Per Arne Vollan 2021-11-15 09:10:19 PST
Created attachment 444263 [details]
Patch
Comment 4 Per Arne Vollan 2021-11-15 11:23:51 PST
Created attachment 444280 [details]
Patch
Comment 5 Brent Fulgham 2021-11-17 13:05:29 PST
Comment on attachment 444280 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=444280&action=review

r=me

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:128
> +           (global-name "com.apple.symptomsd"))

Might be tidier to include this in the deny/with-telemetry on line 121.

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:175
>             (global-name "com.apple.nsurlsessiond"))

It's shocking to me that this isn't needed!

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:338
>          (subpath "/private/var/preferences/Logging"))

Could this be combined with the set on line 325 above (along with /private/var/db/timezone?)
Comment 6 Per Arne Vollan 2021-11-18 07:28:23 PST
Created attachment 444672 [details]
Patch
Comment 7 Per Arne Vollan 2021-11-18 07:33:16 PST
(In reply to Brent Fulgham from comment #5)
> Comment on attachment 444280 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=444280&action=review
> 
> r=me
> 
> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:128
> > +           (global-name "com.apple.symptomsd"))
> 
> Might be tidier to include this in the deny/with-telemetry on line 121.
> 

Fixed.

> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:175
> >             (global-name "com.apple.nsurlsessiond"))
> 
> It's shocking to me that this isn't needed!
> 

Yes, I agree, this is surprising. Telemetry and local testing suggest that the mach service is unused and can be denied. We still have telemetry enabled in the sandbox.

> > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:338
> >          (subpath "/private/var/preferences/Logging"))
> 
> Could this be combined with the set on line 325 above (along with
> /private/var/db/timezone?)

Done.

Thanks for reviewing!
Comment 8 EWS 2021-11-18 07:56:44 PST
Committed r286004 (244401@main): <https://commits.webkit.org/244401@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 444672 [details].
Comment 9 Per Arne Vollan 2021-11-18 11:53:24 PST
Reopening to attach new patch.
Comment 10 Per Arne Vollan 2021-11-18 11:53:25 PST
Created attachment 444711 [details]
Patch
Comment 11 EWS 2021-11-18 12:55:03 PST
Committed r286022 (244411@main): <https://commits.webkit.org/244411@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 444711 [details].