Context Navigation

Changeset 291982 in webkit

Timestamp:

Mar 28, 2022 12:33:54 PM (2 years ago)

Author:

pvollan@apple.com

Message:

[iOS] Fix sandbox violation related to Network content filtering
https://bugs.webkit.org/show_bug.cgi?id=238458
<rdar://90927474>

Reviewed by Brent Fulgham.

After enabling Network content filtering in the Network process, a related sandbox rule should
be moved to the Network process' sandbox.

Location:

trunk/Source/WebKit

Files:

-                      r291980
+                      r291982
+-03-28  Per Arne Vollan  <pvollan@apple.com>
+        [iOS] Fix sandbox violation related to Network content filtering
+        https://bugs.webkit.org/show_bug.cgi?id=238458
+        <rdar://90927474>
+        Reviewed by Brent Fulgham.
+        After enabling Network content filtering in the Network process, a related sandbox rule should
+        be moved to the Network process' sandbox.
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
 -03-28  Devin Rousso  <drousso@apple.com>

-                      r291943
+                      r291982
         (prefix "/private/var/db/com.apple.networkextension.")
+    )
+#if ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
+    (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
+#endif
     (allow mach-lookup

-                      r291943
+                      r291982
 (allow file-map-executable)
+#if !ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
 ;; Allow ManagedPreference access
 (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
+#endif
 (allow file-read-data

Note: See TracChangeset for help on using the changeset viewer.