Changeset 235411 in webkit


Ignore:
Timestamp:
Aug 27, 2018 4:47:40 PM (6 years ago)
Author:
pvollan@apple.com
Message:

[macOS] Block CoreServices in sandbox.
https://bugs.webkit.org/show_bug.cgi?id=189005
<rdar://problem/35369091>

Reviewed by Brent Fulgham.

The sandbox for the WebContent process should block CoreServices.

  • WebProcess/com.apple.WebProcess.sb.in:
Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r235408 r235411  
     12018-08-27  Per Arne Vollan  <pvollan@apple.com>
     2
     3        [macOS] Block CoreServices in sandbox.
     4        https://bugs.webkit.org/show_bug.cgi?id=189005
     5        <rdar://problem/35369091>
     6
     7        Reviewed by Brent Fulgham.
     8
     9        The sandbox for the WebContent process should block CoreServices.
     10
     11        * WebProcess/com.apple.WebProcess.sb.in:
     12
    1132018-08-27  Simon Fraser  <simon.fraser@apple.com>
    214

  • trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

    r234223 r235411  
    648648(allow mach-lookup
    649649    (global-name-regex #"^com.apple.distributed_notifications")                                                       
    650     (global-name "com.apple.CoreServices.coreservicesd"))
     650#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101400
     651    (global-name "com.apple.CoreServices.coreservicesd")
     652#endif
     653)
    651654(allow file-read-data
    652655    (literal "/dev/autofs_nowait")) ; Used by CF to circumvent automount triggers
Note: See TracChangeset for help on using the changeset viewer.