Bug 207170 - [iOS] Deny mach lookup to 'com.apple.webinspector' in the WebContent process.
Summary: [iOS] Deny mach lookup to 'com.apple.webinspector' in the WebContent process.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: InRadar
Depends on: 203214
Blocks:
  Show dependency treegraph
 
Reported: 2020-02-03 17:39 PST by Brent Fulgham
Modified: 2020-03-26 13:33 PDT (History)
3 users (show)

See Also:

Attachments
Patch (3.69 KB, patch)
2020-03-19 13:57 PDT, Brent Fulgham 		no flags Details | Formatted Diff | Diff
Patch for landing (3.06 KB, patch)
2020-03-26 13:09 PDT, Brent Fulgham 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2020-02-03 17:39:14 PST 
After Bug 203214 is complete, update the sandbox to remove the access.
Comment 1 Radar WebKit Bug Importer 2020-02-03 17:39:33 PST 
<rdar://problem/59134038>
Comment 2 Brent Fulgham 2020-03-19 13:57:49 PDT 
Created attachment 394018 [details]
Patch
Comment 3 Per Arne Vollan 2020-03-19 14:40:21 PDT 
Comment on attachment 394018 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=394018&action=review

R=me.

> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-641
> -;; Remote Web Inspector
> -(allow mach-lookup
> -       (global-name "com.apple.webinspector"))
> -

I don't believe we can remove it on macOS just yet.
Comment 4 Brent Fulgham 2020-03-20 17:16:40 PDT 
Comment on attachment 394018 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=394018&action=review

>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-641
>> -
> 
> I don't believe we can remove it on macOS just yet.

Really? The connection seems to be vended on macOS, too. What's missing?
Comment 5 Per Arne Vollan 2020-03-20 17:45:52 PDT 
Comment on attachment 394018 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=394018&action=review

>>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-641
>>> -
>> 
>> I don't believe we can remove it on macOS just yet.
> 
> Really? The connection seems to be vended on macOS, too. What's missing?

The code is enabled for macOS, but the method WebProcessProxy::enableRemoteInspectorIfNeeded() checks a preference which only exist on iOS, I believe.
Comment 6 Brent Fulgham 2020-03-26 13:09:58 PDT 
Created attachment 394648 [details]
Patch for landing
Comment 7 EWS 2020-03-26 13:33:42 PDT 
Committed r259072: <https://trac.webkit.org/changeset/259072>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 394648 [details].