Google Git
Sign in
webkit / WebKit / 46f41e9fb96f0ecda22591deedea42a83ad6f0ed^! / .
commit46f41e9fb96f0ecda22591deedea42a83ad6f0ed[log] [tgz]
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Wed May 15 22:27:09 2019 +0000
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>Wed May 15 22:27:09 2019 +0000
treea24cff6d0befc89e2d468b35f743ca4f4a408f1d
parent55a6bedd7b8ccd56181a665aa0a3bc3e80a43050 [diff]
Revise sandbox to allow IOKit properties needed by Metal and LaunchServices
https://bugs.webkit.org/show_bug.cgi?id=197924
<rdar://problem/50823976>

Reviewed by Per Arne Vollan.

Update sandbox to allow access to some IOKit properties to avoid sandbox violations that could
lower performance or increase launch times:

* WebProcess/com.apple.WebProcess.sb.in:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@245360 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index 9aed2e1..80bf8a3 100644
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog

@@ -1,3 +1,16 @@
+2019-05-15  Brent Fulgham  <bfulgham@apple.com>
+
+        Revise sandbox to allow IOKit properties needed by Metal and LaunchServices
+        https://bugs.webkit.org/show_bug.cgi?id=197924
+        <rdar://problem/50823976>
+
+        Reviewed by Per Arne Vollan.
+
+        Update sandbox to allow access to some IOKit properties to avoid sandbox violations that could
+        lower performance or increase launch times:
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2019-05-15  Chris Dumez  <cdumez@apple.com>
 
         Unreviewed, fix assertion introduced in r245339.

diff --git a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
index af6f30a..c4578b2 100644
--- a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
+++ b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

@@ -211,6 +211,8 @@
     (iokit-property-regex #"Apple(GVAKeyDoesNotExist|IntelMEVABundleName)")
     (iokit-property-regex #"^AAPL,(DisplayPipe|OpenCLdisabled|IOGraphics_LER(|_RegTag_1|_RegTag_0|_Busy_2)|alias-policy|boot-display|display-alias|mux-switch-state|ndrv-dev|primary-display|slot-name)")
     (iokit-property-regex #"^ATY,(cbits|fb_(linebytes|offset|size)|intrev)")
+    (iokit-property "ATY,DeviceName") ;; Needed by Metal compilers
+    (iokit-property "ATY,FamilyName") ;; Ditto
     (iokit-property "AVCSupported")
     (iokit-property "BacklightHandle")
     (iokit-property "BlockSize")
@@ -353,16 +355,19 @@
     (iokit-property "device_type")
     (iokit-property "dpm")
     (iokit-property "errordb") ;; Needed for OpenGL on older hardware
+    (iokit-property "filevault-image") ;; Needed by LaunchServices
     (iokit-property "graphic-options")
     (iokit-property "hda-gfx")
     (iokit-property-regex #"^id(Product|Vendor)")
     (iokit-property "iofb_version")
     (iokit-property "image-encrypted")
+    (iokit-property "image-path") ;; Needed by LaunchServices
     (iokit-property "locationID") ;; Needed for Audio support on older hardware
     (iokit-property "model")
     (iokit-property "mt-device-id")
     (iokit-property "name")
     (iokit-property "nv-stats")
+    (iokit-property "od-server-name") ;; Needed by LaunchServices
     (iokit-property-regex #"^parser-(options|type)")
     (iokit-property-regex #"^pci(-aspm-default|debug)")
     (iokit-property "port-number")