Bug 205468 - Unblock iokit-get-property needed for frame buffer initialization
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Brent Fulgham
Keywords: InRadar
Reported: 2019-12-19 13:05 PST by Brent Fulgham
Modified: 2019-12-19 15:38 PST

Attachments
Patch (1.99 KB, patch)
2019-12-19 13:07 PST, Brent Fulgham
pvollan: review+
bfulgham: commit-queue+
Description Brent Fulgham 2019-12-19 13:05:15 PST
Sandbox logging indicates that we are now blocking an iokit-get-property call that is needed when starting up the WebContent process.
Comment 1 Brent Fulgham 2019-12-19 13:05:27 PST
<rdar://problem/57897684>
Comment 2 Brent Fulgham 2019-12-19 13:07:32 PST
Created attachment 386135
Patch
Comment 3 Per Arne Vollan 2019-12-19 13:33:34 PST
Comment on attachment 386135
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=386135&action=review

> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:105
> +    ; IOMobileFramebuffer
> +    (with-filter (iokit-registry-entry-class "IOMobileFramebuffer")
> +        (allow iokit-get-properties
> +               (iokit-property "AppleTV"
> +                               "DisplayPipePlaneBaseAlignment"
> +                               "DisplayPipeStrideRequirements"
> +                               "PerformanceStatistics"
> +                               "appleTV-VID0"
> +                               "appleTV-VID1"
> +                               "hdcp-hoover-protocol")))
> +
> +    (mobile-preferences-read "com.apple.iokit.IOMobileGraphicsFamily")
> +)
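
Review bot: The (mobile-preferences-read "com.apple.iokit.IOMobileGraphicsFamily") line at the end of this hunk is a preferences read, not an iokit-get-properties rule, so it goes beyond what the bug title describes and should get its own comment or a mention in the patch description. The "; IOMobileFramebuffer" comment also gives no reason for the seven property names in the allow list; consider recording which of them the sandbox log showed being denied during WebContent startup, so entries such as "PerformanceStatistics" and "hdcp-hoover-protocol" can be dropped later if they turn out not to be needed.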

Do we need to audit new iokit get properties rules in the WebContent process? Or is it always safe to add these?
Comment 4 Per Arne Vollan 2019-12-19 13:58:27 PST
Comment on attachment 386135
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=386135&action=review

>> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:105
>> +)
> 
> Do we need to audit new iokit get properties rules in the WebContent process? Or is it always safe to add these?

Are all strictly needed, or would a subset be sufficient?
Comment 5 Brent Fulgham 2019-12-19 14:04:07 PST
Comment on attachment 386135
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=386135&action=review

>>> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:105
>>> +)
>> 
>> Do we need to audit new iokit get properties rules in the WebContent process? Or is it always safe to add these?
> 
> Are all strictly needed, or would a subset be sufficient?

Many of these are already part of the "global" set of allow rules; I want to move to this model for them in the future. So this change is a first step in that direction.

I think these are safe to add from a security standpoint. They were vetted for use in container.sb, and David has stated that he isn't worried about these "read data" properties.
Comment 6 Per Arne Vollan 2019-12-19 14:22:59 PST
Comment on attachment 386135
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=386135&action=review

R=me.

>>>> Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:105
>>>> +)
>>> 
>>> Do we need to audit new iokit get properties rules in the WebContent process? Or is it always safe to add these?
>> 
>> Are all strictly needed, or would a subset be sufficient?
> 
> Many of these are already part of the "global" set of allow rules; I want to move to this model for them in the future. So this change is a first step in that direction.
> 
> I think these are safe to add from a security standpoint. They were vetted for use in container.sb, and David has stated that he isn't worried about these "read data" properties.

Sounds good!
Comment 7 Brent Fulgham 2019-12-19 15:38:34 PST
Committed r253792: <https://trac.webkit.org/changeset/253792>