Changeset 245246 in webkit


Ignore:
Timestamp:
May 13, 2019 12:53:44 PM (5 years ago)
Author:
Brent Fulgham
Message:

Correct the sandbox to allow loading libraries from /Library/Apple
https://bugs.webkit.org/show_bug.cgi?id=197844

Reviewed by Per Arne Vollan.

Grant access to '/Library/Apple' as an appropriate place to load
system frameworks.

  • WebProcess/com.apple.WebProcess.sb.in:
Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r245245 r245246  
     12019-05-13  Brent Fulgham  <bfulgham@apple.com>
     2
     3        Correct the sandbox to allow loading libraries from /Library/Apple
     4        https://bugs.webkit.org/show_bug.cgi?id=197844
     5
     6        Reviewed by Per Arne Vollan.
     7
     8        Grant access to '/Library/Apple' as an appropriate place to load
     9        system frameworks.
     10
     11        * WebProcess/com.apple.WebProcess.sb.in:
     12
    1132019-05-13  Chris Dumez  <cdumez@apple.com>
    214

  • trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

    r245041 r245246  
    4141    (require-all (file-mode #o0004)
    4242    (require-any (subpath "/Library/Filesystems/NetFSPlugins")
     43    (subpath "/Library/Apple/System")
    4344    (subpath "/Library/Preferences/Logging")      ; Logging Rethink
    4445    (subpath "/System")
     
    5354    (subpath "/AppleInternal/Library/Preferences/Logging")
    5455    (system-attribute apple-internal)))
     56
     57;;; Allow mapping of system frameworks + dylibs
     58(allow file-map-executable
     59    (subpath "/Library/Apple/System/Library/Frameworks")
     60    (subpath "/Library/Apple/System/Library/PrivateFrameworks")
     61    (subpath "/System/Library/Frameworks")
     62    (subpath "/System/Library/PrivateFrameworks")
     63    (subpath "/usr/lib")
     64    (literal "/usr/local/lib/sanitizers"))
    5565
    5666(allow file-read-metadata
Note: See TracChangeset for help on using the changeset viewer.