RESOLVED FIXED 222148
Adopt com.apple.security.cs.jit-write-allowlist on internal builds
https://bugs.webkit.org/show_bug.cgi?id=222148
Saam Barati
Reported 2021-02-18 17:38:33 PST
It'll prevent various pthread permissions switching APIs from working. But we can only do that on internal builds where we use the fast permission switching macro. We can't do it for open source builds, where we rely on the pthread API.
Attachments
WIP (9.01 KB, patch)
2021-02-18 17:41 PST, Saam Barati
no flags
work in progress. (9.14 KB, patch)
2021-06-02 18:20 PDT, Mark Lam
no flags
proposed patch. (10.68 KB, patch)
2021-06-02 22:39 PDT, Mark Lam
no flags
proposed patch. (10.70 KB, patch)
2021-06-02 23:26 PDT, Mark Lam
pvollan: review+
proposed patch. (10.70 KB, patch)
2021-06-16 15:23 PDT, Mark Lam
no flags
Saam Barati
Comment 1 2021-02-18 17:41:47 PST
Radar WebKit Bug Importer
Comment 2 2021-02-25 17:39:13 PST
Mark Lam
Comment 3 2021-05-20 15:52:23 PDT
Mark Lam
Comment 4 2021-06-02 18:20:02 PDT
Created attachment 430429: work in progress.
Mark Lam
Comment 5 2021-06-02 22:39:51 PDT
Created attachment 430444: proposed patch.
Mark Lam
Comment 6 2021-06-02 23:26:58 PDT
Created attachment 430446: proposed patch.
Per Arne Vollan
Comment 7 2021-06-03 11:14:25 PDT
Comment on attachment 430446: proposed patch.
R=me. Would it be sufficient to only add the entitlement to the WebContent XPC service?
Mark Lam
Comment 8 2021-06-03 11:29:43 PDT
(In reply to Per Arne Vollan from comment #7)
> Comment on attachment 430446
> proposed patch.
>
> R=me. Would it be sufficient to only add the entitlement to the WebContent
> XPC service?
Thanks. For our purpose, the goal of the entitlement isn't to gain access to something. Instead, by adopting the entitlement, we disable access to various pthread permissions switching APIs. Hence, we do want to add this entitlement to all processes because we want to disable those APIs on all processes.
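Because the entitlement here removes a capability rather than granting one, a process that ships without it silently keeps the pthread permission switching APIs. The following check is an added example, not part of the bug thread or of WebKit: it audits entitlement plists per process and flags any where the key is missing, false, or not a boolean. The plist contents and every process name other than WebContent are constructed for illustration.

```python
import plistlib

ENTITLEMENT = "com.apple.security.cs.jit-write-allowlist"


def _plist(body: str) -> bytes:
    """Wrap a <dict> body in a minimal XML property list."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<plist version="1.0"><dict>' + body + "</dict></plist>"
    ).encode()


# Constructed sample input. Only "WebContent" is named on the page;
# HelperA/B/C are hypothetical stand-ins for the other processes.
SAMPLE = {
    "WebContent": _plist(f"<key>{ENTITLEMENT}</key><true/>"),
    "HelperA": _plist(f"<key>{ENTITLEMENT}</key><false/>"),
    "HelperB": _plist("<key>com.example.other</key><true/>"),
    "HelperC": _plist(f"<key>{ENTITLEMENT}</key><string>true</string>"),
}


def audit(entitlements_by_process):
    """Return {process: reason} for every process not covered by the entitlement."""
    findings = {}
    for name, raw in entitlements_by_process.items():
        try:
            ents = plistlib.loads(raw)
        except Exception:
            findings[name] = "unparseable"
            continue
        if not isinstance(ents, dict) or ENTITLEMENT not in ents:
            findings[name] = "missing"
        elif ents[ENTITLEMENT] is False:
            findings[name] = "false"
        elif ents[ENTITLEMENT] is not True:
            # e.g. <string>true</string>: present, but not a boolean true
            findings[name] = "not a boolean"
    return findings


if __name__ == "__main__":
    for process, reason in sorted(audit(SAMPLE).items()):
        print(f"{process}: {ENTITLEMENT} {reason}")
```
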
Mark Lam
Comment 9 2021-06-16 15:23:57 PDT
Created attachment 431613: proposed patch.
Per Arne Vollan
Comment 10 2021-06-16 15:43:53 PDT
Comment on attachment 431613: proposed patch.
R=me.
EWS
Comment 11 2021-06-16 16:37:08 PDT
Committed r278966 (238893@main): <https://commits.webkit.org/238893@main>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 431613.