WebKit Bugzilla
Attachment 369744 Details for
Bug 197844
: Correct the sandbox to allow loading libraries from /Library/Apple
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-197844-20190513101311.patch (text/plain), 1.91 KB, created by
Brent Fulgham
on 2019-05-13 10:13:11 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Brent Fulgham
Created:
2019-05-13 10:13:11 PDT
Size:
1.91 KB
patch
obsolete
>Subversion Revision: 245196 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index a40a2d4d091ee84d090257e5e3635733ea3381f9..4bc107d8d4fc2ea35507aae341cb4c945997401b 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,15 @@ >+2019-05-13 Brent Fulgham <bfulgham@apple.com> >+ >+ Correct the sandbox to allow loading libraries from /Library/Apple >+ https://bugs.webkit.org/show_bug.cgi?id=197844 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Grant access to '/Library/Apple' as an appropriate place to load >+ system frameworks. >+ >+ * WebProcess/com.apple.WebProcess.sb.in: >+ > 2019-05-10 Brent Fulgham <bfulgham@apple.com> > > Streamline test-and-clear operation for ContextMenu >diff --git a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in >index 09b8eee344d5f65942199510adbd9b71e4491a9a..eab254edc018f33170cf92307762e3ce9b4e48b6 100644 >--- a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in >+++ b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in >@@ -40,6 +40,7 @@ > (allow file-read* > (require-all (file-mode #o0004) > (require-any (subpath "/Library/Filesystems/NetFSPlugins") >+ (subpath "/Library/Apple/System") > (subpath "/Library/Preferences/Logging") ; Logging Rethink > (subpath "/System") > (subpath "/private/var/db/dyld") >@@ -53,6 +54,15 @@ > (subpath "/AppleInternal/Library/Preferences/Logging") > (system-attribute apple-internal))) > >+;;; Allow mapping of system frameworks + dylibs >+(allow file-map-executable >+ (subpath "/Library/Apple/System/Library/Frameworks") >+ (subpath "/Library/Apple/System/Library/PrivateFrameworks") >+ (subpath "/System/Library/Frameworks") >+ (subpath "/System/Library/PrivateFrameworks") >+ (subpath "/usr/lib") >+ (literal "/usr/local/lib/sanitizers")) >+ > (allow file-read-metadata > (literal "/etc") > (literal "/tmp")
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=369744">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 197844
: 369744