[macOS][WP] Block access to unused system calls

https://bugs.webkit.org/show_bug.cgi?id=234003

Reviewed by Brent Fulgham.

Based on telemetry, block access to unused system calls in the WebContent process on macOS.

* WebProcess/com.apple.WebProcess.sb.in:



Canonical link: https://commits.webkit.org/245019@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@286778 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog

@@ -1,3 +1,14 @@
+2021-12-09  Per Arne Vollan  <pvollan@apple.com>
+
+        [macOS][WP] Block access to unused system calls
+        https://bugs.webkit.org/show_bug.cgi?id=234003
+
+        Reviewed by Brent Fulgham.
+
+        Based on telemetry, block access to unused system calls in the WebContent process on macOS.
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2021-12-09  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, reverting r286764.

Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

@@ -1896,6 +1896,8 @@
     (syscall-number
         SYS___disable_threadsignal
         SYS___mac_syscall
+        SYS___pthread_sigmask
+        SYS___semwait_signal
         SYS_access
         SYS_bsdthread_create
         SYS_bsdthread_ctl
@@ -1906,6 +1908,7 @@
         SYS_csops_audittoken
         SYS_csrctl
         SYS_exit
+        SYS_faccessat ;; <rdar://problem/56690456>
         SYS_fcntl
         SYS_fcntl_nocancel
         SYS_fgetxattr
@@ -1938,6 +1941,8 @@
         SYS_kdebug_trace_string ;; Needed for performance sampling, see <rdar://problem/48829655>.
         SYS_kevent_id
         SYS_kevent_qos
+        SYS_kqueue_workloop_ctl ;; <rdar://problem/50999499>
+        SYS_listxattr
         SYS_lseek
         SYS_lstat64
         SYS_madvise
@@ -1959,114 +1964,60 @@
         SYS_psynch_cvwait
         SYS_psynch_mutexdrop
         SYS_psynch_mutexwait
+        SYS_psynch_rw_unlock
+        SYS_psynch_rw_wrlock
         SYS_read
         SYS_read_nocancel
         SYS_readlink
         SYS_rename
+        SYS_sendto
+        SYS_sigprocmask
         SYS_stat64
         SYS_statfs64
+        SYS_socket
         SYS_sysctlbyname
         SYS_thread_selfid
         SYS_ulock_wait
         SYS_ulock_wake
+        SYS_umask
+        SYS_work_interval_ctl
         SYS_workq_kernreturn
         SYS_write_nocancel
         SYS_writev))
 
 (define (syscall-unix-intel)
     (syscall-number
-        SYS___pthread_sigmask
-        SYS___semwait_signal
-        SYS_faccessat ;; <rdar://problem/56690456>
-        SYS_kqueue_workloop_ctl ;; <rdar://problem/50999499>
-        SYS_listxattr
-        SYS_psynch_rw_unlock
-        SYS_psynch_rw_wrlock
-        SYS_sendto
-        SYS_sigaltstack
-        SYS_sigprocmask
-        SYS_socket
-        SYS_umask
-        SYS_work_interval_ctl))
+        SYS_sigaltstack))
 
 (define (syscall-unix-apple-silicon)
     (syscall-number
         SYS_guarded_open_dprotected_np ;; <rdar://problem/65897905>
         SYS_mremap_encrypted))
 
-(define (syscalls-possibly-unused)
+(define (syscalls-rarely-used)
     (syscall-number
         SYS___pthread_kill
-        SYS___pthread_markcancel
         SYS___semwait_signal_nocancel
-        SYS_abort_with_payload
         SYS_change_fdguard_np
         SYS_chmod
-        SYS_chmod_extended
         SYS_connect
-        SYS_connect_nocancel
-        SYS_connectx
-        SYS_dup
         SYS_fchmod
-        SYS_fgetattrlist ;; <rdar://problem/50931110>
-        SYS_fileport_makeport
-        SYS_fstat64_extended ;; <rdar://problem/61310019>
         SYS_fsync
         SYS_getegid
-        SYS_getpeername
         SYS_getpriority ;; rdar://81727094. Required for CoreAudio AudioOutputUnitStart call. Remove when GPU process is enabled by default.
-        SYS_getsockopt
-        SYS_gettid ;; Needed for base system, see <rdar://problem/48651255>
         SYS_guarded_close_np
         SYS_guarded_open_np
         SYS_guarded_pwrite_np
-        SYS_guarded_write_np
         SYS_kdebug_typefilter
-        SYS_kevent
-        SYS_kqueue ;; <rdar://problem/49609201>
-        SYS_lstat64_extended
-        SYS_lstat_extended
-        SYS_memorystatus_control ;; Needed for memory measurement infrastructure, see <rdar://problem/48647263>
-        SYS_mkdirat
         SYS_mlock
         SYS_munlock
         SYS_necp_client_action
         SYS_necp_open
-        SYS_open_dprotected_np ;; <rdar://problem/74473824>
         SYS_openat_nocancel
-        SYS_pipe
         SYS_proc_rlimit_control
-        SYS_process_policy
-        SYS_psynch_rw_rdlock ;; <rdar://problem/49060359>
-        SYS_pwrite
-        SYS_quotactl ;; <rdar://problem/49945031>
-        SYS_recvfrom
-        SYS_recvfrom_nocancel
-        SYS_rmdir
-        SYS_select
-        SYS_select_nocancel
-        SYS_sem_post
-        SYS_sem_wait
-        SYS_sendmsg_nocancel
-        SYS_sendto_nocancel
-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 120000
-        SYS_setattrlist ;; rdar://problem/74162777
-#endif
-        SYS_setpriority
-        SYS_setrlimit
-        SYS_setsockopt
         SYS_shm_open
-        SYS_shutdown
         SYS_sigaction
-        SYS_sigreturn
-        SYS_socketpair
-        SYS_stat64_extended ;; <rdar://problem/50473330>
         SYS_sysctl
-        SYS_terminate_with_payload ;; <rdar://problem/50026580>
-        SYS_thread_selfusage
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 110000
-        SYS_ulock_wait2 ;; <rdar://problem/58743778>
-#endif
         SYS_unlink
         SYS_write))
 
@@ -2078,13 +2029,7 @@
     (if (equal? (param "CPU") "arm64")
         (begin
             (allow syscall-unix
-                (syscall-unix-apple-silicon))
-            (allow syscall-unix
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
-                (with telemetry-backtrace)
-#endif
-                (syscall-unix-intel)))
-
+                (syscall-unix-apple-silicon)))
         (begin
             (allow syscall-unix
                 (syscall-unix-intel))))
@@ -2093,7 +2038,7 @@
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
         (with telemetry-backtrace)
 #endif
-        (syscalls-possibly-unused))
+        (syscalls-rarely-used))
 
 #if __MAC_OS_X_VERSION_MIN_REQUIRED > 101500
     (if (defined? 'SYS_objc_bp_assist_cfg_np)
@@ -2220,6 +2165,7 @@
         MSC__kernelrpc_mach_port_deallocate_trap
         MSC__kernelrpc_mach_port_destruct_trap
         MSC__kernelrpc_mach_port_extract_member_trap
+        MSC__kernelrpc_mach_port_get_attributes_trap
         MSC__kernelrpc_mach_port_guard_trap
         MSC__kernelrpc_mach_port_insert_member_trap
         MSC__kernelrpc_mach_port_insert_right_trap
@@ -2244,46 +2190,18 @@
         MSC_mk_timer_destroy
         MSC_pid_for_task
         MSC_semaphore_signal_trap
+        MSC_semaphore_timedwait_trap
         MSC_semaphore_wait_trap
+        MSC_swtch_pri
         MSC_syscall_thread_switch
         MSC_task_name_for_pid
-        MSC_thread_get_special_reply_port))
-
-(define (syscall-mach-intel)
-    (machtrap-number
-        MSC_semaphore_timedwait_trap
+        MSC_thread_get_special_reply_port
         MSC_thread_self_trap))
 
-(define (syscall-mach-apple-silicon)
-    (machtrap-number
-        MSC__kernelrpc_mach_port_get_attributes_trap
-        MSC_swtch_pri))
-
 (when (and (equal? (param "ENABLE_SANDBOX_MESSAGE_FILTER") "YES") (defined? 'syscall-mach))
     (allow syscall-mach
         (syscall-mach-common))
 
-    (if (equal? (param "CPU") "arm64")
-        (begin
-            (allow syscall-mach
-                (syscall-mach-apple-silicon))
-            (allow syscall-mach
-                (with telemetry)
-                (syscall-mach-intel)))
-        (begin
-            (allow syscall-mach
-                (syscall-mach-intel))
-            (allow syscall-mach
-                (with telemetry)
-                (syscall-mach-apple-silicon))))
-
-    (allow syscall-mach
-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 120000
-        (with telemetry-backtrace)
-#endif
-        (machtrap-number
-            MSC_mach_msg_overwrite_trap)))
-
     (when (defined? 'MSC_mach_msg2_trap)
         (allow syscall-mach
             (machtrap-number MSC_mach_msg2_trap)