Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[macOS] Update sandboxes to reduce logging for media-related operations 
https://bugs.webkit.org/show_bug.cgi?id=213210
<rdar://problem/64376237>

Reviewed by Per Arne Vollan.

Ongoing testing has uncovered a set of additional services and IOKit
properties that we should allow without logging.

* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::mediaRelatedMachServices):
* WebProcess/com.apple.WebProcess.sb.in:


Canonical link: https://commits.webkit.org/225999@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@263061 268f45cc-cd09-0410-ab3c-d52691b4dbfc
  • Loading branch information
@brentfulgham
brentfulgham committed Jun 15, 2020
1 parent 03a14f8 commit 236bd52
Show file tree
Hide file tree
Showing 4 changed files with 24 additions and 3 deletions.
16 changes: 16 additions & 0 deletions Source/WebKit/ChangeLog
View file
@@ -1,3 +1,19 @@
2020-06-15 Brent Fulgham <bfulgham@apple.com>

[macOS] Update sandboxes to reduce logging for media-related operations
https://bugs.webkit.org/show_bug.cgi?id=213210
<rdar://problem/64376237>

Reviewed by Per Arne Vollan.

Ongoing testing has uncovered a set of additional services and IOKit
properties that we should allow without logging.

* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::mediaRelatedMachServices):
* WebProcess/com.apple.WebProcess.sb.in:

2020-06-15 Alex Christensen <achristensen@webkit.org>

Provide alternatively-named SPI for user style sheets and scripts
Expand Down
1 change: 1 addition & 0 deletions Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in
View file
Expand Up @@ -181,6 +181,7 @@
"kern.tcsm_available" ;; Needed for IndexedDB support.
"kern.ostype"
"kern.version"
"sysctl.name2oid"
"vm.footprint_suspend")
(sysctl-name-regex #"^net.routetable")
)
Expand Down
4 changes: 2 additions & 2 deletions Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
View file
Expand Up @@ -217,13 +217,13 @@ static bool isInternalInstall()
ASSERT(isMainThread());
static const auto services = makeNeverDestroyed(Vector<String> {
"com.apple.audio.AudioComponentPrefs", "com.apple.audio.AudioComponentRegistrar",
"com.apple.audio.AudioQueueServer", "com.apple.coremedia.endpoint.xpc",
"com.apple.audio.AudioQueueServer", "com.apple.audio.toolbox.reporting.service", "com.apple.coremedia.endpoint.xpc",
"com.apple.coremedia.routediscoverer.xpc", "com.apple.coremedia.routingcontext.xpc",
"com.apple.coremedia.volumecontroller.xpc", "com.apple.accessibility.mediaaccessibilityd",
"com.apple.mediaremoted.xpc",
#if PLATFORM(IOS_FAMILY)
"com.apple.audio.AudioSession", "com.apple.MediaPlayer.RemotePlayerService",
"com.apple.audio.toolbox.reporting.service", "com.apple.coremedia.admin",
"com.apple.coremedia.admin",
"com.apple.coremedia.asset.xpc", "com.apple.coremedia.assetimagegenerator.xpc",
"com.apple.coremedia.audiodeviceclock.xpc", "com.apple.coremedia.audioprocessingtap.xpc",
"com.apple.coremedia.capturesession", "com.apple.coremedia.capturesource",
Expand Down
6 changes: 5 additions & 1 deletion Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
View file
Expand Up @@ -180,6 +180,7 @@
"kern.version"
"machdep.cpu.brand_string"
"security.mac.sandbox.sentinel"
"sysctl.name2oid"
"kern.tcsm_enable"
"kern.tcsm_available"
"vm.footprint_suspend")
Expand Down Expand Up @@ -234,6 +235,8 @@
(iokit-property "Formats")
(iokit-property "GPUConfigurationVariable")
(iokit-property "GpuDebugPolicy")
(iokit-property "GPURawCounterBundleName")
(iokit-property "GPURawCounterPluginClassName")
(iokit-property "HEVCSupported")
(iokit-property "HIDPointerAccelerationType")
(iokit-property-regex #"^IOAccel(DisplayPipeCapabilities|Index|Types|Revision)")
Expand Down Expand Up @@ -285,6 +288,7 @@
(iokit-property "IOParentMatch")
(iokit-property-regex #"^IOPCI((Class|Primary|Property|)Match|Express(Capabilities|Link(Status|Capabilities))|MSIMode|Resourced|Tunnelled)")
(iokit-property "IOPMIsPowerManaged")
(iokit-property "IOPersonalityPublisher")
(iokit-property-regex #"^IOPlatform(SerialNumber|UUID)")
(iokit-property "IOPowerManagement")
(iokit-property "IOProbeScore")
Expand Down Expand Up @@ -925,7 +929,7 @@
(extension "com.apple.webkit.extension.mach")
(xpc-service-name
;;; FIXME(207716): The following should be removed when the GPU process is complete
"com.apple.accessibility.mediaaccessibilityd" "com.apple.coremedia.videodecoder" "com.apple.coremedia.videoencoder"
"com.apple.accessibility.mediaaccessibilityd" "com.apple.audio.toolbox.reporting.service" "com.apple.coremedia.videodecoder" "com.apple.coremedia.videoencoder"
;;; FIXME(207716): End services to remove.
)
)
Expand Down

0 comments on commit 236bd52

Please sign in to comment.