Changeset 285723 in webkit


Timestamp:
Nov 12, 2021, 8:38:59 AM (4 years ago)
Author:
pvollan@apple.com
Message:

[macOS][GPUP] Remove sandbox write access to files
https://bugs.webkit.org/show_bug.cgi?id=232247
<rdar://problem/84620023>

Reviewed by Brent Fulgham.

Based on telemetry, remove sandbox write access to files in the GPU process on macOS.

  • GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
Location:
trunk/Source/WebKit
Files:
2 edited

  • trunk/Source/WebKit/ChangeLog

    r285722 r285723  
     12021-11-12  Per Arne Vollan <pvollan@apple.com>
     2
     3        [macOS][GPUP] Remove sandbox write access to files
     4        https://bugs.webkit.org/show_bug.cgi?id=232247
     5        <rdar://problem/84620023>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        Based on telemetry, remove sandbox write access to files in the GPU process on macOS.
     10
     11        * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
     12
    1132021-11-12  Per Arne Vollan <pvollan@apple.com>
    214
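Review bot: The file entry on new line 11 ends at the colon with no description, so the ChangeLog does not say which allowances were dropped. Suggest listing them after "* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:" (the /dev/null and /dev/zero file-write-data rule and the /cores/ file-write-create rule) and noting that write access to /dev/dtracehelper is kept, since the title reads as if all file write access is removed.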
  • trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in

    r285721 r285723  
    7575    (literal "/private/etc/passwd"))
    7676
    77 (allow file-write-data (with telemetry)
    78     (literal "/dev/null")
    79     (literal "/dev/zero"))
    80 
    81 (allow file-read*
     77(allow file-read* file-write-data file-ioctl
    8278    (literal "/dev/dtracehelper"))
    83 (allow file-write-data
    84        file-ioctl (with telemetry)
    85     (literal "/dev/dtracehelper"))
    86 
    87 ;;; Allow creation of core dumps.
    88 (allow file-write-create (with telemetry)
    89     (require-all (prefix "/cores/")
    90         (vnode-type REGULAR-FILE)))
    9179
    9280;;; Allow IPC to standard system agents.
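Review bot: The merged rule on new line 77 still grants file-write-data and file-ioctl on /dev/dtracehelper, and it drops the (with telemetry) modifier that old lines 83-84 carried, so the one file write this change keeps is no longer reported. If telemetry showed these operations are still in use, say so in the ChangeLog; otherwise consider keeping (with telemetry) on them, or reducing the rule to file-read*, so that a later pass can remove them. Deleting old lines 87-90 removes the only rule visible here that allowed creating core dumps under /cores/, which deserves its own line in the ChangeLog, and it is worth confirming that nothing in the GPU process opens /dev/null or /dev/zero for writing, since no rule in this hunk replaces that allowance.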