RESOLVED FIXED Bug 209302
Remove Mobile Asset access from the WebContent process 
https://bugs.webkit.org/show_bug.cgi?id=209302
Summary Remove Mobile Asset access from the WebContent process
Brent Fulgham
Reported 2020-03-19 13:44:15 PDT
We no longer need access to the Mobile Asset service, and should deny access from the WebContent sandbox.
Attachments
Patch (5.25 KB, patch)
2020-03-19 13:51 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch for landing (5.77 KB, patch)
2020-03-19 14:58 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2020-03-19 13:51:49 PDT
Created attachment 394017 [details] Patch
Radar WebKit Bug Importer
Comment 2 2020-03-19 13:52:35 PDT
<rdar://problem/60650301>
Per Arne Vollan
Comment 3 2020-03-19 14:37:54 PDT
Comment on attachment 394017 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=394017&action=review R=me. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:-119 > - (allow mach-lookup (with telemetry-backtrace) > - (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2")) Should we deny (with telemetry-backtrace), in case there are some really rare cases of access we didn't catch?
Brent Fulgham
Comment 4 2020-03-19 14:58:04 PDT
Created attachment 394026 [details] Patch for landing
Brent Fulgham
Comment 5 2020-03-19 14:58:32 PDT
(In reply to Per Arne Vollan from comment #3) > Comment on attachment 394017 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=394017&action=review > > R=me. > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:-119 > > - (allow mach-lookup (with telemetry-backtrace) > > - (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2")) > > Should we deny (with telemetry-backtrace), in case there are some really > rare cases of access we didn't catch? Good idea -- I've done so in the patch for cq.
EWS
Comment 6 2020-03-19 15:45:02 PDT
Committed r258736: <https://trac.webkit.org/changeset/258736> All reviewed patches have been landed. Closing bug and clearing flags on attachment 394026 [details].
Note You need to log in before you can comment on or make changes to this bug.