Attachment 348198 Details for Bug 189005 – Patch

[patch] Patch

bug-189005-20180827142616.patch (text/plain), 1.48 KB, created by Per Arne Vollan on 2018-08-27 14:26:16 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Per Arne Vollan

Created: 2018-08-27 14:26:16 PDT

Size: 1.48 KB

patch

obsolete

>Index: Source/WebKit/ChangeLog
>===================================================================
>--- Source/WebKit/ChangeLog	(revision 235400)
>+++ Source/WebKit/ChangeLog	(working copy)
>@@ -1,3 +1,14 @@
>+2018-08-27  Per Arne Vollan  <pvollan@apple.com>
>+
>+        [macOS] Block CoreServices in sandbox.
>+        https://bugs.webkit.org/show_bug.cgi?id=189005
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        The sandbox for the WebContent process should block CoreServices.
>+
>+        * WebProcess/com.apple.WebProcess.sb.in:
>+
> 2018-08-27  Alex Christensen  <achristensen@webkit.org>
> 
>         Pass webPageID and webFrameID to NetworkLoad for speculative loads
>Index: Source/WebKit/WebProcess/com.apple.WebProcess.sb.in
>===================================================================
>--- Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	(revision 235387)
>+++ Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	(working copy)
>@@ -647,7 +647,10 @@
> ;; CoreFoundation. We don't import com.apple.corefoundation.sb, because it allows unnecessary access to pasteboard.
> (allow mach-lookup
>     (global-name-regex #"^com.apple.distributed_notifications")                                                       
>-    (global-name "com.apple.CoreServices.coreservicesd"))
>+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101400
>+    (global-name "com.apple.CoreServices.coreservicesd")
>+#endif
>+)
> (allow file-read-data
>     (literal "/dev/autofs_nowait")) ; Used by CF to circumvent automount triggers
> (allow ipc-posix-shm

Actions: View | Formatted Diff | Diff

Attachments on bug 189005: 348198 | 348200