WebKit Bugzilla
Attachment 357240 Details for
Bug 192670
: [macOS] Block coreservicesd in sandbox.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-192670-20181213114529.patch (text/plain), 3.57 KB, created by
Per Arne Vollan
on 2018-12-13 11:45:29 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Per Arne Vollan
Created:
2018-12-13 11:45:29 PST
Size:
3.57 KB
patch
obsolete
>Index: Source/WebKit/ChangeLog >=================================================================== >--- Source/WebKit/ChangeLog (revision 239172) >+++ Source/WebKit/ChangeLog (working copy) >@@ -1,3 +1,23 @@ >+2018-12-13 Per Arne Vollan <pvollan@apple.com> >+ >+ [macOS] Block coreservicesd in sandbox. >+ https://bugs.webkit.org/show_bug.cgi?id=192670 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ We should block CoreServices in newer versions of macOS. In order to achieve this we need to avoid calling >+ _RegisterApplication before entering the sandbox, since this call will open up a connection to CoreServices. >+ The call to _RegisterApplication is moved to ChildProcess::updateProcessName, since it is needed to >+ successfully update the process name. The call to ChildProcess::updateProcessName is made after entering >+ the sandbox. >+ >+ * Shared/ChildProcess.cpp: >+ (WebKit::ChildProcess::initialize): >+ * WebProcess/cocoa/WebProcessCocoa.mm: >+ (WebKit::WebProcess::initializeProcessName): >+ (WebKit::WebProcess::platformInitializeProcess): >+ * WebProcess/com.apple.WebProcess.sb.in: >+ > 2018-12-13 Per Arne Vollan <pvollan@apple.com> > > [macOS] Remove with-report from 3 services that are currently needed on macOS >Index: Source/WebKit/Shared/ChildProcess.cpp >=================================================================== >--- Source/WebKit/Shared/ChildProcess.cpp (revision 238804) >+++ Source/WebKit/Shared/ChildProcess.cpp (working copy) >@@ -71,11 +71,12 @@ void ChildProcess::initialize(const Chil > #endif > > initializeProcess(parameters); >- initializeProcessName(parameters); > > SandboxInitializationParameters sandboxParameters; > initializeSandbox(parameters, sandboxParameters); > >+ initializeProcessName(parameters); >+ > // In WebKit2, only the UI process should ever be generating non-default PAL::SessionIDs. > PAL::SessionID::enableGenerationProtection(); > >Index: Source/WebKit/WebProcess/com.apple.WebProcess.sb.in >=================================================================== >--- Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (revision 238804) >+++ Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (working copy) >@@ -662,7 +662,7 @@ > ;; CoreFoundation. We don't import com.apple.corefoundation.sb, because it allows unnecessary access to pasteboard. > (allow mach-lookup > (global-name-regex #"^com.apple.distributed_notifications") >-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101400 >+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101500 > (global-name "com.apple.CoreServices.coreservicesd") > #endif > ) >Index: Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm >=================================================================== >--- Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (revision 238804) >+++ Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (working copy) >@@ -212,6 +212,9 @@ void WebProcess::platformInitializeWebPr > void WebProcess::initializeProcessName(const ChildProcessInitializationParameters&) > { > #if PLATFORM(MAC) >+ // This is necessary so that we are able to set the process' display name. >+ _RegisterApplication(nullptr, nullptr); >+ > updateProcessName(); > #endif > } >@@ -361,10 +364,6 @@ void WebProcess::platformInitializeProce > CGSShutdownServerConnections(); > > SwitchingGPUClient::setSingleton(WebSwitchingGPUClient::singleton()); >- >- // This is necessary so that we are able to set the process' display name. >- _RegisterApplication(nullptr, nullptr); >- > #else > > if (![NSApp isRunning]) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=357240">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 192670
:
357240
|
359277
|
359280
|
361411
|
361431
|
361433
|
361453