WebKit Bugzilla
Attachment 370597 Details for
Bug 198236
: Update sandbox rules for more News use cases
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-198236-20190524153327.patch (text/plain), 4.15 KB, created by
Brent Fulgham
on 2019-05-24 15:33:27 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Brent Fulgham
Created:
2019-05-24 15:33:27 PDT
Size:
4.15 KB
patch
obsolete
>Subversion Revision: 245756 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 2647646769e5367c0b410e9509f4485bb2731eac..dd3e688da75b3ad0bb7cc9a25ef0a3cfe9a67995 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,17 @@ >+2019-05-24 Brent Fulgham <bfulgham@apple.com> >+ >+ Update sandbox rules for more News use cases >+ https://bugs.webkit.org/show_bug.cgi?id=198236 >+ <rdar://problem/50054027> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Update the WebContent and Network process sandboxes so that News has the same set of allowed >+ service access as regular WebKit views. >+ >+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in: >+ * WebProcess/com.apple.WebProcess.sb.in: >+ > 2019-05-24 David Quesada <david_quesada@apple.com> > > Crash under WebCore::TimerBase::~TimerBase after a download is canceled >diff --git a/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in b/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in >index 06a13d4a3f2b58a55f5f272efb4d8f34d886dc50..4a883d43cd0741bdfb059c54602ac2a8e996acee 100644 >--- a/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in >+++ b/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in >@@ -1,4 +1,4 @@ >-; Copyright (C) 2013-2017 Apple Inc. All rights reserved. >+; Copyright (C) 2013-2019 Apple Inc. All rights reserved. > ; > ; Redistribution and use in source and binary forms, with or without > ; modification, are permitted provided that the following conditions >@@ -43,7 +43,7 @@ > > (deny iokit-get-properties) > >-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300 >+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300 || PLATFORM(IOSMAC) > (deny mach-lookup (xpc-service-name-prefix "")) > #endif > >@@ -57,7 +57,7 @@ > (define (home-literal home-relative-literal) > (literal (string-append (param "HOME_DIR") home-relative-literal))) > >-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300 >+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300 || PLATFORM(IOSMAC) > ;; CFNetwork > (allow file-read-data (path "/private/var/db/nsurlstoraged/dafsaData.bin")) > #endif >@@ -152,7 +152,7 @@ > (global-name "com.apple.FileCoordination") > (global-name "com.apple.PowerManagement.control") > (global-name "com.apple.SystemConfiguration.configd") >-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300 >+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300 || PLATFORM(IOSMAC) > (global-name "com.apple.analyticsd") > #endif > (global-name "com.apple.cookied") >diff --git a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in >index 07cad650466463b47e7d6208e80a899a85c953f2..50016c7edf31836d3e6c26c6fa0c27473f2c1380 100644 >--- a/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in >+++ b/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in >@@ -1,4 +1,4 @@ >-; Copyright (C) 2010-2018 Apple Inc. All rights reserved. >+; Copyright (C) 2010-2019 Apple Inc. All rights reserved. > ; > ; Redistribution and use in source and binary forms, with or without > ; modification, are permitted provided that the following conditions >@@ -114,7 +114,7 @@ > ;; CVMS > (allow mach-lookup > (global-name "com.apple.cvmsServ")) >-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400 >+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400 || PLATFORM(IOSMAC) > (allow file-read* > (prefix "/private/var/db/CVMS/cvmsCodeSignObj")) > #endif >@@ -636,7 +636,7 @@ > (global-name "com.apple.tccd") > (global-name "com.apple.tccd.system") > (global-name "com.apple.trustd.agent") >-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400 >+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400 || PLATFORM(IOSMAC) > (global-name "com.apple.CARenderServer") ; Needed for [CAContext remoteContextWithOptions] > #else > (global-name "com.apple.windowserver.active") >@@ -648,7 +648,7 @@ > (allow mach-lookup (xpc-service-name "com.apple.MTLCompilerService")) > #endif > >-#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400 >+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400 || PLATFORM(IOSMAC) > (deny mach-lookup (with no-log) > (global-name "com.apple.ViewBridgeAuxiliary") > (global-name "com.apple.windowserver.active"))
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=370597">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
ap
:
review+
ap
:
commit-queue-
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 198236
: 370597