Changeset 246702 in webkit


Ignore:
Timestamp:
Jun 21, 2019 3:52:52 PM (5 years ago)
Author:
Brent Fulgham
Message:

Adjust sandboxes based on seed feedback
https://bugs.webkit.org/show_bug.cgi?id=199119
<rdar://problem/50164879>

Reviewed by Geoffrey Garen.

Update our sandboxes to address test failures and bugs encountered during initial iOS 13 and
macOS Catalina testing.

  • NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
  • Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
  • WebProcess/com.apple.WebProcess.sb.in:
Location:
trunk/Source/WebKit
Files:
5 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r246701 r246702  
     12019-06-21  Brent Fulgham  <bfulgham@apple.com>
     2
     3        Adjust sandboxes based on seed feedback
     4        https://bugs.webkit.org/show_bug.cgi?id=199119
     5        <rdar://problem/50164879>
     6
     7        Reviewed by Geoffrey Garen.
     8
     9        Update our sandboxes to address test failures and bugs encountered during initial iOS 13 and
     10        macOS Catalina testing.
     11
     12        * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
     13        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
     14        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
     15        * WebProcess/com.apple.WebProcess.sb.in:
     16
    1172019-06-21  Jiewen Tan  <jiewen_tan@apple.com>
    218

  • trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in

    r245822 r246702  
    9393        "com.apple.ist.ds.appleconnect2.uat" ;; Remove after <rdar://problem/35542803> ships
    9494        "com.apple.networkConnect"))
     95
    9596(allow file-read*
    9697    ;; Basic system paths
     98    (subpath "/Library/Fonts") ;; Needed to serialize font data types <rdar://problem/50164879>
    9799    (subpath "/Library/Frameworks")
    98100    (subpath "/Library/Managed Preferences")

  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb

    r245979 r246702  
    7373)
    7474
     75;; Read-only preferences and data
     76(allow file-read*
     77    ;; Basic system paths
     78    (subpath "/Library/Fonts") ;; Needed to serialize font data types <rdar://problem/50164879>
     79)
     80
    7581;; Security framework
    7682(allow mach-lookup

  • trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

    r246204 r246702  
    289289    (iokit-property "class-code")
    290290    (iokit-property "color-accuracy-index")
     291    (iokit-property "compatible") ;; <rdar://problem/47523516>
    291292    (iokit-property "compatible-device-fallback") ;; <rdar://problem/49497720>
    292293    (iokit-property "device-colors") ;; <rdar://problem/51322072>

  • trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

    r246077 r246702  
    168168        "kern.maxfilesperproc"
    169169        "kern.memorystatus_level"
     170        "kern.osproductversion" ;; <rdar://problem/51756739>
    170171        "kern.safeboot"
    171172        "kern.version"
     
    636637#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101400 || PLATFORM(IOSMAC)
    637638(deny mach-lookup (with no-log)
     639    (global-name "com.apple.CoreServices.coreservicesd")
     640    (global-name "com.apple.DiskArbitration.diskarbitrationd")
    638641    (global-name "com.apple.ViewBridgeAuxiliary")
    639642    (global-name "com.apple.windowserver.active"))
    640643#endif
    641 
    642644
    643645;; Needed to support encrypted media playback <rdar://problem/40038478>
Note: See TracChangeset for help on using the changeset viewer.