RESOLVED FIXED 205240
[iOS] Deny mach lookup access to "*.viewservice" in the WebContent process 
https://bugs.webkit.org/show_bug.cgi?id=205240
Summary [iOS] Deny mach lookup access to "*.viewservice" in the WebContent process
Per Arne Vollan
Reported 2019-12-14 14:15:57 PST
As part of sandbox hardening in the WebContent process, mach lookup access to “*.viewservice” should be removed.
Attachments
Patch (3.32 KB, patch)
2019-12-14 14:20 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2019-12-14 14:16:12 PST
rdar://problem/56990598
Per Arne Vollan
Comment 2 2019-12-14 14:20:49 PST
Created attachment 385700 [details] Patch
Brent Fulgham
Comment 3 2019-12-14 14:30:13 PST
Comment on attachment 385700 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=385700&action=review R=me > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:-446 > - (xpc-service-name-regex #"\.viewservice$") ;; <rdar://problem/31252371> Here we go!
Per Arne Vollan
Comment 4 2019-12-14 14:35:36 PST
(In reply to Brent Fulgham from comment #3) > Comment on attachment 385700 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=385700&action=review > > R=me > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:-446 > > - (xpc-service-name-regex #"\.viewservice$") ;; <rdar://problem/31252371> > > Here we go! Thanks for reviewing :)
WebKit Commit Bot
Comment 5 2019-12-14 15:20:52 PST
Comment on attachment 385700 [details] Patch Clearing flags on attachment: 385700 Committed r253529: <https://trac.webkit.org/changeset/253529>
WebKit Commit Bot
Comment 6 2019-12-14 15:20:54 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.