RESOLVED FIXED 207482
[iOS] Deny mach lookup access to analytics service in the WebContent process 
https://bugs.webkit.org/show_bug.cgi?id=207482
Summary [iOS] Deny mach lookup access to analytics service in the WebContent process
Per Arne Vollan
Reported Monday, February 10, 2020 6:55:39 PM UTC
As part of sandbox hardening work, this service should be denied in the WebContent process' sandbox.
Attachments
Patch (3.86 KB, patch)
2020-02-10 11:01 PST, Per Arne Vollan 		darin: review+
commit-queue: commit-queue-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 Monday, February 10, 2020 7:01:54 PM UTC
Created attachment 390267 [details] Patch
Radar WebKit Bug Importer
Comment 2 Monday, February 10, 2020 7:02:22 PM UTC
<rdar://problem/59317479>
Per Arne Vollan
Comment 3 Wednesday, February 12, 2020 3:13:17 PM UTC
Comment on attachment 390267 [details] Patch Thanks for reviewing!
Per Arne Vollan
Comment 4 Wednesday, February 12, 2020 3:13:45 PM UTC
I think the win test failure is unrelated to this patch.
WebKit Commit Bot
Comment 5 Wednesday, February 12, 2020 3:33:55 PM UTC
Comment on attachment 390267 [details] Patch Rejecting attachment 390267 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 390267, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit Logging in as commit-queue@webkit.org... Fetching: https://bugs.webkit.org/attachment.cgi?id=390267&action=edit Fetching: https://bugs.webkit.org/show_bug.cgi?id=207482&ctype=xml&excludefield=attachmentdata Processing 1 patch from 1 bug. Processing patch 390267 from bug 207482. Fetching: https://bugs.webkit.org/attachment.cgi?id=390267 Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Darin Adler']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Parsed 5 diffs from patch file(s). patching file Source/WebKit/ChangeLog Hunk #1 succeeded at 1 with fuzz 3. patching file Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb patching file LayoutTests/ChangeLog Hunk #1 succeeded at 1 with fuzz 3. patching file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt Hunk #1 FAILED at 17. 1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt.rej patching file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html Hunk #1 FAILED at 20. 1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html.rej Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Darin Adler']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Full output: https://webkit-queues.webkit.org/results/13321366
Per Arne Vollan
Comment 6 Wednesday, February 12, 2020 6:53:30 PM UTC
Committed r256455: <https://trac.webkit.org/changeset/256455/webkit>
Note You need to log in before you can comment on or make changes to this bug.