Context Navigation

← Previous Changeset
Next Changeset →

Changeset 278952 in webkit

Timestamp:

Jun 16, 2021 1:12:00 PM (3 years ago)

Author:

Brent Fulgham

Message:

Sandbox profiles need to allow loading from /usr/appleinternal/lib on internal builds
https://bugs.webkit.org/show_bug.cgi?id=227079
<rdar://problem/79390957>

Reviewed by Per Arne Vollan.

We allow the specific directory "/usr/appleinternal/lib/sanitizers", but we actually need
access to "/usr/appleinternal/lib" in certain development environments.

GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb:
Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in:
WebProcess/com.apple.WebProcess.sb.in:

Location:

trunk/Source/WebKit

Files:

: 9 edited

ChangeLog (modified) (1 diff)
GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (modified) (1 diff)
NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (modified) (2 diffs)
Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (modified) (1 diff)
Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (modified) (1 diff)
Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb (modified) (1 diff)
Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (modified) (1 diff)
WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in (modified) (1 diff)
WebProcess/com.apple.WebProcess.sb.in (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/Source/WebKit/ChangeLog

-                      r278941
+                      r278952
+-06-16  Brent Fulgham  <bfulgham@apple.com>
+        Sandbox profiles need to allow loading from /usr/appleinternal/lib on internal builds
+        https://bugs.webkit.org/show_bug.cgi?id=227079
+        <rdar://problem/79390957>
+        Reviewed by Per Arne Vollan.
+        We allow the specific directory "/usr/appleinternal/lib/sanitizers", but we actually need
+        access to "/usr/appleinternal/lib" in certain development environments.
+        * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+        * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+        * WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in:
+        * WebProcess/com.apple.WebProcess.sb.in:
 -06-16  Alex Christensen  <achristensen@webkit.org>

trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in

-                      r277907
+                      r278952
     (subpath "/System/Library/PrivateFrameworks")
     (subpath "/usr/lib")
+    (subpath "/usr/appleinternal/lib/sanitizers"))
+    (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
+)
 (allow file-read-metadata

trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in

-                      r277907
+                      r278952
        (subpath "/usr/lib")
        (subpath "/usr/local/lib/sanitizers") ;; FIXME(209820)
+       (subpath "/usr/appleinternal/lib/sanitizers"))
+       (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
+)
 (allow file-read-metadata
 …
 (allow file-read*
        (subpath "/usr/local/lib/sanitizers") ;; FIXME(209820)
+       (subpath "/usr/appleinternal/lib/sanitizers"))
+       (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
+)
 (allow file-write-create

trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb

-                      r278881
+                      r278952
             ;; <rdar://problem/8565035>
             ;; <rdar://problem/23857452>
+            ;; <rdar://problem/72317112>
             (allow file-read* file-map-executable
                    (subpath "/AppleInternal")
                    (subpath "/usr/local/lib")
                    (subpath "/usr/appleinternal/lib/sanitizers")))
+                   (subpath "/usr/appleinternal/lib")))
             (with-elevated-precedence
                 (allow file-read* file-map-executable file-issue-extension

trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb

-                      r277907
+                      r278952
             ;; <rdar://problem/8565035>
             ;; <rdar://problem/23857452>
+            ;; <rdar://problem/72317112>
             (allow file-read* file-map-executable
                    (subpath "/AppleInternal")
                    (subpath "/usr/local/lib")
                    (subpath "/usr/appleinternal/lib/sanitizers")))
+                   (subpath "/usr/appleinternal/lib")))
             (with-elevated-precedence
                 (allow file-read* file-map-executable file-issue-extension

trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb

-                      r278831
+                      r278952
         ;; <rdar://problem/8565035>
         ;; <rdar://problem/23857452>
+        ;; <rdar://problem/72317112>
         (allow file-read* file-map-executable
             (subpath
                 "/AppleInternal"
                 "/usr/local/lib"
                 "/usr/appleinternal/lib/sanitizers"
+                "/usr/appleinternal/lib"
+            )
+        )

trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in

-                      r278881
+                      r278952
             ;; <rdar://problem/8565035>
             ;; <rdar://problem/23857452>
+            ;; <rdar://problem/72317112>
             (allow file-read* file-map-executable
                    (subpath "/AppleInternal")
                    (subpath "/usr/local/lib")
                    (subpath "/usr/appleinternal/lib/sanitizers")))
+                   (subpath "/usr/appleinternal/lib")))
             (with-elevated-precedence
                 (allow file-read* file-map-executable file-issue-extension

trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in

-                      r277907
+                      r278952
     (subpath "/System/Library/PrivateFrameworks")
     (subpath "/usr/lib")
+    (subpath "/usr/appleinternal/lib/sanitizers"))
+    (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
+)
 (allow file-read-metadata

trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

-                      r278929
+                      r278952
     (subpath "/usr/lib")
     (subpath "/usr/local/lib/sanitizers") ;; FIXME(209820)
+    (subpath "/usr/appleinternal/lib/sanitizers"))
+    (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
+)
 (allow file-read-metadata

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 278952 in webkit

Legend:

Download in other formats: