| Summary: | Remove Mobile Asset access from the WebContent process | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Brent Fulgham <bfulgham> | ||||||
| Component: | WebKit2 | Assignee: | Brent Fulgham <bfulgham> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | bfulgham, pvollan, webkit-bug-importer | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | WebKit Nightly Build | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Attachments: |
|
||||||||
|
Description
Brent Fulgham
2020-03-19 13:44:15 PDT
Created attachment 394017 [details]
Patch
Comment on attachment 394017 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=394017&action=review R=me. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:-119 > - (allow mach-lookup (with telemetry-backtrace) > - (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2")) Should we deny (with telemetry-backtrace), in case there are some really rare cases of access we didn't catch? Created attachment 394026 [details]
Patch for landing
(In reply to Per Arne Vollan from comment #3) > Comment on attachment 394017 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=394017&action=review > > R=me. > > > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:-119 > > - (allow mach-lookup (with telemetry-backtrace) > > - (global-name "com.apple.mobileassetd" "com.apple.mobileassetd.v2")) > > Should we deny (with telemetry-backtrace), in case there are some really > rare cases of access we didn't catch? Good idea -- I've done so in the patch for cq. Committed r258736: <https://trac.webkit.org/changeset/258736> All reviewed patches have been landed. Closing bug and clearing flags on attachment 394026 [details]. |