Bug 207170

Summary: [iOS] Deny mach lookup to 'com.apple.webinspector' in the WebContent process.
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit2Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, pvollan, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 203214    
Bug Blocks:    
Attachments:
Description Flags
Patch
none
Patch for landing none

Description Brent Fulgham 2020-02-03 17:39:14 PST 
After Bug 203214 is complete, update the sandbox to remove the access.
Comment 1 Radar WebKit Bug Importer 2020-02-03 17:39:33 PST 
<rdar://problem/59134038>
Comment 2 Brent Fulgham 2020-03-19 13:57:49 PDT 
Created attachment 394018 [details]
Patch
Comment 3 Per Arne Vollan 2020-03-19 14:40:21 PDT 
Comment on attachment 394018 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=394018&action=review

R=me.

> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-641
> -;; Remote Web Inspector
> -(allow mach-lookup
> -       (global-name "com.apple.webinspector"))
> -

I don't believe we can remove it on macOS just yet.
Comment 4 Brent Fulgham 2020-03-20 17:16:40 PDT 
Comment on attachment 394018 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=394018&action=review

>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-641
>> -
> 
> I don't believe we can remove it on macOS just yet.

Really? The connection seems to be vended on macOS, too. What's missing?
Comment 5 Per Arne Vollan 2020-03-20 17:45:52 PDT 
Comment on attachment 394018 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=394018&action=review

>>> Source/WebKit/WebProcess/com.apple.WebProcess.sb.in:-641
>>> -
>> 
>> I don't believe we can remove it on macOS just yet.
> 
> Really? The connection seems to be vended on macOS, too. What's missing?

The code is enabled for macOS, but the method WebProcessProxy::enableRemoteInspectorIfNeeded() checks a preference which only exist on iOS, I believe.
Comment 6 Brent Fulgham 2020-03-26 13:09:58 PDT 
Created attachment 394648 [details]
Patch for landing
Comment 7 EWS 2020-03-26 13:33:42 PDT 
Committed r259072: <https://trac.webkit.org/changeset/259072>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 394648 [details].