Bug 207170

Summary: [iOS] Deny mach lookup to 'com.apple.webinspector' in the WebContent process.
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit2Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, pvollan, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 203214    
Bug Blocks:    
Attachments:
Description Flags
Patch
none
Patch for landing none

Brent Fulgham
Reported 2020-02-03 17:39:14 PST
After Bug 203214 is complete, update the sandbox to remove the access.
Attachments
Patch (3.69 KB, patch)
2020-03-19 13:57 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch for landing (3.06 KB, patch)
2020-03-26 13:09 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2020-02-03 17:39:33 PST
<rdar://problem/59134038>
Brent Fulgham
Comment 2 2020-03-19 13:57:49 PDT
Created attachment 394018 [details] Patch
Per Arne Vollan
Comment 3 2020-03-19 14:40:21 PDT
Comment on attachment 394018 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=394018&action=review R=me. > Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-641 > -;; Remote Web Inspector > -(allow mach-lookup > - (global-name "com.apple.webinspector")) > - I don't believe we can remove it on macOS just yet.
Brent Fulgham
Comment 4 2020-03-20 17:16:40 PDT
Comment on attachment 394018 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=394018&action=review >> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-641 >> - > > I don't believe we can remove it on macOS just yet. Really? The connection seems to be vended on macOS, too. What's missing?
Per Arne Vollan
Comment 5 2020-03-20 17:45:52 PDT
Comment on attachment 394018 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=394018&action=review >>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-641 >>> - >> >> I don't believe we can remove it on macOS just yet. > > Really? The connection seems to be vended on macOS, too. What's missing? The code is enabled for macOS, but the method WebProcessProxy::enableRemoteInspectorIfNeeded() checks a preference which only exist on iOS, I believe.
Brent Fulgham
Comment 6 2020-03-26 13:09:58 PDT
Created attachment 394648 [details] Patch for landing
EWS
Comment 7 2020-03-26 13:33:42 PDT
Committed r259072: <https://trac.webkit.org/changeset/259072> All reviewed patches have been landed. Closing bug and clearing flags on attachment 394648 [details].
Note You need to log in before you can comment on or make changes to this bug.