Attachment 349092 Details for Bug 189385 – Patch

[patch] Patch

bug-189385-20180906164912.patch (text/plain), 3.26 KB, created by Brent Fulgham on 2018-09-06 16:49:13 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Brent Fulgham

Created: 2018-09-06 16:49:13 PDT

Size: 3.26 KB

patch

obsolete

>Subversion Revision: 235744
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index 5bb49f071fa33134f5a5761841b9aac7caa478e1..d3592633bed472b5323b7b2f93958c3631d20fac 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,15 @@
>+2018-09-06  Brent Fulgham  <bfulgham@apple.com>
>+
>+        [iOS] Move default mach-lookup deny to after common.sb is imported
>+        https://bugs.webkit.org/show_bug.cgi?id=189385
>+        <rdar://problem/43624193>
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Move the 'deny mach-lookup' call later in the file.
>+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb: Ditto.
>+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Ditto.
>+
> 2018-09-06  Frederic Wang  <fwang@igalia.com>
> 
>         Use more generic names than "overflow" for functions that can be used for subframes
>diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
>index 28987764b13d570f69362c370d27d01aadfb90f2..ceefddf809549d45922cc54bbdffc11c8d3db689 100644
>--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
>+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
>@@ -25,10 +25,10 @@
> (deny default (with partial-symbolication))
> (allow system-audit file-read-metadata)
> 
>-(deny mach-lookup (xpc-service-name-prefix ""))
>-
> (import "common.sb")
> 
>+(deny mach-lookup (xpc-service-name-prefix #""))
>+
> (deny lsopen)
> 
> (deny sysctl*)
>diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb
>index e89d757e4a18f5aedea9134edbb70be6b39fbd4d..df9783b171c0fde7f68222eb2b1ee8dcb7065579 100644
>--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb
>+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb
>@@ -1,4 +1,4 @@
>-; Copyright (C) 2014 Apple Inc. All rights reserved.
>+; Copyright (C) 2014-2018 Apple Inc. All rights reserved.
> ;
> ; Redistribution and use in source and binary forms, with or without
> ; modification, are permitted provided that the following conditions
>@@ -25,10 +25,10 @@
> (deny default (with partial-symbolication))
> (allow system-audit file-read-metadata)
> 
>-(deny mach-lookup (xpc-service-name-prefix ""))
>-
> (import "common.sb")
> 
>+(deny mach-lookup (xpc-service-name-prefix #""))
>+
> (deny lsopen)
> 
> (allow file-read* file-write* (extension "com.apple.app-sandbox.read-write"))
>diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
>index 3a973d0464ad482a5373f3059bcb5da8e4778513..1ed824f949b6dbc41dc4916811a051d341f2a44b 100644
>--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
>+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
>@@ -25,10 +25,10 @@
> (deny default (with partial-symbolication))
> (allow system-audit file-read-metadata)
> 
>-(deny mach-lookup (xpc-service-name-prefix ""))
>-
> (import "common.sb")
> 
>+(deny mach-lookup (xpc-service-name-prefix #""))
>+
> (deny lsopen)
> 
> ;;;

Actions: View | Formatted Diff | Diff

Attachments on bug 189385: 349092