WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
207487
[iOS] Deny mach lookup access to view service in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=207487
Summary
[iOS] Deny mach lookup access to view service in the WebContent process
Per Arne Vollan
Reported
2020-02-10 11:13:34 PST
As part of sandbox hardening, mach lookup access to com.apple.uikit.viewservice should be denied.
Attachments
Patch
(3.95 KB, patch)
2020-02-10 11:17 PST
,
Per Arne Vollan
darin
: review+
commit-queue
: commit-queue-
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Per Arne Vollan
Comment 1
2020-02-10 11:13:54 PST
rdar://problem/56995704
Per Arne Vollan
Comment 2
2020-02-10 11:17:45 PST
Created
attachment 390271
[details]
Patch
Per Arne Vollan
Comment 3
2020-02-12 07:12:09 PST
Comment on
attachment 390271
[details]
Patch Thanks for reviewing!
Per Arne Vollan
Comment 4
2020-02-12 07:12:40 PST
I believe the api-ios test failure is unrelated to this patch.
WebKit Commit Bot
Comment 5
2020-02-12 07:33:24 PST
Comment on
attachment 390271
[details]
Patch Rejecting
attachment 390271
[details]
from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-01', 'apply-attachment', '--no-update', '--non-interactive', 390271, '--port=mac']" exit_code: 2 cwd: /Volumes/Data/EWS/WebKit Logging in as
commit-queue@webkit.org
... Fetching:
https://bugs.webkit.org/attachment.cgi?id=390271&action=edit
Fetching:
https://bugs.webkit.org/show_bug.cgi?id=207487
&ctype=xml&excludefield=attachmentdata Processing 1 patch from 1 bug. Processing patch 390271 from
bug 207487
. Fetching:
https://bugs.webkit.org/attachment.cgi?id=390271
Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Darin Adler']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Parsed 5 diffs from patch file(s). patching file Source/WebKit/ChangeLog Hunk #1 succeeded at 1 with fuzz 3. patching file Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb Hunk #1 succeeded at 422 (offset 1 line). patching file LayoutTests/ChangeLog Hunk #1 succeeded at 1 with fuzz 3. patching file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt Hunk #1 FAILED at 17. 1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup-expected.txt.rej patching file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html Hunk #1 FAILED at 20. 1 out of 1 hunk FAILED -- saving rejects to file LayoutTests/fast/sandbox/ios/sandbox-mach-lookup.html.rej Failed to run "[u'/Volumes/Data/EWS/WebKit/Tools/Scripts/svn-apply', '--force', '--reviewer', u'Darin Adler']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit Full output:
https://webkit-queues.webkit.org/results/13321362
Brent Fulgham
Comment 6
2020-02-12 08:56:01 PST
Looks like this didn't apply cleanly on the api-ios bot. Can you clean up and land manually?
Per Arne Vollan
Comment 7
2020-02-12 10:29:36 PST
(In reply to Brent Fulgham from
comment #6
)
> Looks like this didn't apply cleanly on the api-ios bot. Can you clean up > and land manually?
Will do!
Per Arne Vollan
Comment 8
2020-02-12 10:41:08 PST
Committed
r256450
: <
https://trac.webkit.org/changeset/256450/webkit
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug