RESOLVED FIXED 234175
[iOS][WP] Restrict image decoders 
https://bugs.webkit.org/show_bug.cgi?id=234175
Summary [iOS][WP] Restrict image decoders
Per Arne Vollan
Reported 2021-12-10 14:19:52 PST
Restrict image decoders in order to enable further sandbox strengthening.
Attachments
Patch (8.24 KB, patch)
2021-12-10 14:28 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (8.29 KB, patch)
2021-12-13 02:06 PST, Per Arne Vollan 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (8.25 KB, patch)
2021-12-13 02:52 PST, Per Arne Vollan 		bfulgham: review+
DetailsFormatted DiffDiff
Patch (10.09 KB, patch)
2022-01-29 14:21 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Patch (2.81 KB, patch)
2022-01-31 11:05 PST, Per Arne Vollan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Per Arne Vollan
Comment 1 2021-12-10 14:28:28 PST
Created attachment 446815 [details] Patch
Per Arne Vollan
Comment 2 2021-12-13 02:06:30 PST
Created attachment 446980 [details] Patch
Per Arne Vollan
Comment 3 2021-12-13 02:52:54 PST
Created attachment 446983 [details] Patch
Radar WebKit Bug Importer
Comment 4 2021-12-17 14:20:18 PST
<rdar://problem/86650455>
Brent Fulgham
Comment 5 2022-01-27 15:23:38 PST
Comment on attachment 446983 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=446983&action=review r=me > Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:-451 > - parameters.videoDecoderExtensionHandles = SandboxExtension::createHandlesForMachLookup({ "com.apple.coremedia.decompressionsession"_s }, std::nullopt); Nice!
Per Arne Vollan
Comment 6 2022-01-29 14:21:52 PST
Created attachment 450338 [details] Patch
Per Arne Vollan
Comment 7 2022-01-31 09:24:47 PST
Comment on attachment 450338 [details] Patch Thanks for reviewing!
EWS
Comment 8 2022-01-31 09:32:49 PST
Committed r288817 (246593@main): <https://commits.webkit.org/246593@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 450338 [details].
Simon Fraser (smfr)
Comment 9 2022-01-31 09:52:01 PST
Comment on attachment 450338 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=450338&action=review > Source/WebKit/Shared/WebProcessCreationParameters.cpp:484 > + parameters.restrictImageAndVideoDecoders = WTFMove(*restrictImageAndVideoDecoders); Not necessary to WTFMove a bool > Source/WebKit/Shared/WebProcessCreationParameters.h:207 > Vector<SandboxExtension::Handle> videoDecoderExtensionHandles; Should this be #if PLATFORM(MAC) now?
Per Arne Vollan
Comment 10 2022-01-31 09:58:07 PST
(In reply to Simon Fraser (smfr) from comment #9) > Comment on attachment 450338 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=450338&action=review > > > Source/WebKit/Shared/WebProcessCreationParameters.cpp:484 > > + parameters.restrictImageAndVideoDecoders = WTFMove(*restrictImageAndVideoDecoders); > > Not necessary to WTFMove a bool > > > Source/WebKit/Shared/WebProcessCreationParameters.h:207 > > Vector<SandboxExtension::Handle> videoDecoderExtensionHandles; > > Should this be #if PLATFORM(MAC) now? Yes, that is a very good point; I'll upload a follow-up patch. Thanks for reviewing!
Per Arne Vollan
Comment 11 2022-01-31 11:05:16 PST
Reopening to attach new patch.
Per Arne Vollan
Comment 12 2022-01-31 11:05:17 PST
Created attachment 450419 [details] Patch
EWS
Comment 13 2022-01-31 11:53:02 PST
Committed r288826 (246596@main): <https://commits.webkit.org/246596@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 450419 [details].
Note You need to log in before you can comment on or make changes to this bug.