Bug 172151 - [WK2][macOS] Adopt a whitelist for XPC services
Summary: [WK2][macOS] Adopt a whitelist for XPC services
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: InRadar
Depends on:
Blocks: 180701
  Show dependency treegraph
 
Reported: 2017-05-15 17:44 PDT by Brent Fulgham
Modified: 2017-12-12 10:39 PST (History)
3 users (show)

See Also:

Attachments
Patch (5.44 KB, patch)
2017-05-15 17:59 PDT, Brent Fulgham 		no flags Details | Formatted Diff | Diff
Patch v2 (5.18 KB, patch)
2017-05-15 18:29 PDT, Brent Fulgham 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2017-05-15 17:44:39 PDT 
Lock down the sandbox further by denying XPC services access by default, and only permitting connections to things we need to access.
Comment 1 Brent Fulgham 2017-05-15 17:59:22 PDT 
Created attachment 310199 [details]
Patch
Comment 2 Brent Fulgham 2017-05-15 18:29:15 PDT 
Created attachment 310203 [details]
Patch v2
Comment 3 Brent Fulgham 2017-05-15 18:29:34 PDT 
Comment on attachment 310203 [details]
Patch v2

Revised patch -- some of the XPC services granted to the plugin process were not needed.
Comment 4 WebKit Commit Bot 2017-05-16 12:09:09 PDT 
Comment on attachment 310203 [details]
Patch v2

Clearing flags on attachment: 310203

Committed r216941: <http://trac.webkit.org/changeset/216941>
Comment 5 WebKit Commit Bot 2017-05-16 12:09:11 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 6 Brent Fulgham 2017-05-16 12:10:16 PDT 
<rdar://problem/31916325>