Bug 233086 - [macOS] Block access to unused resources in the Networking process' sandbox
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Per Arne Vollan
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2021-11-13 09:22 PST by Per Arne Vollan
Modified: 2021-11-18 09:59 PST

See Also:


Attachments
Patch (7.06 KB, patch)
2021-11-13 09:24 PST, Per Arne Vollan
no flags
Patch (11.89 KB, patch)
2021-11-13 10:31 PST, Per Arne Vollan
no flags
Patch (17.50 KB, patch)
2021-11-13 10:58 PST, Per Arne Vollan
no flags
Patch (21.84 KB, patch)
2021-11-13 14:56 PST, Per Arne Vollan
no flags
Patch (21.84 KB, patch)
2021-11-13 15:38 PST, Per Arne Vollan
no flags
Patch (21.73 KB, patch)
2021-11-15 13:16 PST, Per Arne Vollan
no flags
Patch (21.84 KB, patch)
2021-11-15 15:43 PST, Per Arne Vollan
ews-feeder: commit-queue-
Patch (11.92 KB, patch)
2021-11-16 10:00 PST, Per Arne Vollan
ews-feeder: commit-queue-
Patch (7.08 KB, patch)
2021-11-16 11:27 PST, Per Arne Vollan
ews-feeder: commit-queue-
Patch (7.09 KB, patch)
2021-11-16 14:55 PST, Per Arne Vollan
ews-feeder: commit-queue-
Patch (6.48 KB, patch)
2021-11-16 17:56 PST, Per Arne Vollan
no flags
Patch (6.83 KB, patch)
2021-11-17 08:59 PST, Per Arne Vollan
no flags
Patch (6.96 KB, patch)
2021-11-17 10:17 PST, Per Arne Vollan
ews-feeder: commit-queue-
Patch (21.75 KB, patch)
2021-11-17 12:18 PST, Per Arne Vollan
bfulgham: review+
Patch (21.81 KB, patch)
2021-11-18 07:22 PST, Per Arne Vollan
no flags
Patch (1.38 KB, patch)
2021-11-18 08:40 PST, Per Arne Vollan
no flags

Description Per Arne Vollan 2021-11-13 09:22:15 PST
Based on telemetry, block access to unused resources in the Networking process' sandbox on macOS.
Comment 1 Radar WebKit Bug Importer 2021-11-13 09:22:46 PST
<rdar://problem/85376544>
Comment 2 Per Arne Vollan 2021-11-13 09:24:42 PST
Created attachment 444140 [details]
Patch
Comment 3 Per Arne Vollan 2021-11-13 10:31:51 PST
Created attachment 444142 [details]
Patch
Comment 4 Per Arne Vollan 2021-11-13 10:58:25 PST
Created attachment 444144 [details]
Patch
Comment 5 Per Arne Vollan 2021-11-13 14:56:13 PST
Created attachment 444151 [details]
Patch
Comment 6 Per Arne Vollan 2021-11-13 15:38:39 PST
Created attachment 444155 [details]
Patch
Comment 7 Per Arne Vollan 2021-11-15 13:16:00 PST
Created attachment 444300 [details]
Patch
Comment 8 Per Arne Vollan 2021-11-15 15:43:03 PST
Created attachment 444312 [details]
Patch
Comment 9 Per Arne Vollan 2021-11-16 10:00:51 PST
Created attachment 444404 [details]
Patch
Comment 10 Per Arne Vollan 2021-11-16 11:27:03 PST
Created attachment 444416 [details]
Patch
Comment 11 Per Arne Vollan 2021-11-16 14:55:22 PST
Created attachment 444439 [details]
Patch
Comment 12 Per Arne Vollan 2021-11-16 17:56:25 PST
Created attachment 444461 [details]
Patch
Comment 13 Per Arne Vollan 2021-11-17 08:59:49 PST
Created attachment 444529 [details]
Patch
Comment 14 Per Arne Vollan 2021-11-17 10:17:32 PST
Created attachment 444532 [details]
Patch
Comment 15 Per Arne Vollan 2021-11-17 12:18:11 PST
Created attachment 444548 [details]
Patch
Comment 16 Brent Fulgham 2021-11-17 16:17:26 PST
Comment on attachment 444548 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=444548&action=review

> Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:157
> +(deny sysctl*) (with telemetry)

Is this syntax correct? Shouldn't it be (deny sysctl* (with telemetry))?
Comment 17 Per Arne Vollan 2021-11-17 18:06:18 PST
(In reply to Brent Fulgham from comment #16)
> Comment on attachment 444548 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=444548&action=review
> 
> > Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:157
> > +(deny sysctl*) (with telemetry)
> 
> Is this syntax correct? shouldn't it be (deny sysctl* (with telemetry))

Ah, that's a very good point, will fix.

Thanks for reviewing!
Comment 18 Brent Fulgham 2021-11-17 18:33:16 PST
Comment on attachment 444548 [details]
Patch

R=me, if you fix the syntax error.
Comment 19 Per Arne Vollan 2021-11-18 07:22:25 PST
Created attachment 444671 [details]
Patch
Comment 20 EWS 2021-11-18 07:52:49 PST
Committed r286003 (244400@main): <https://commits.webkit.org/244400@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 444671 [details].
Comment 21 Per Arne Vollan 2021-11-18 08:40:43 PST
Reopening to attach new patch.
Comment 22 Per Arne Vollan 2021-11-18 08:40:44 PST
Created attachment 444682 [details]
Patch
Comment 23 Brent Fulgham 2021-11-18 09:14:57 PST
Comment on attachment 444682 [details]
Patch

r=me
Comment 24 Per Arne Vollan 2021-11-18 09:31:46 PST
Comment on attachment 444682 [details]
Patch

Thanks for reviewing!
Comment 25 EWS 2021-11-18 09:59:04 PST
Committed r286010 (244403@main): <https://commits.webkit.org/244403@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 444682 [details].