Changeset 269877 in webkit


Ignore:
Timestamp:
Nov 16, 2020 2:07:42 PM (3 years ago)
Author:
Brent Fulgham
Message:

[macOS] Remove remote tcp capability from WebContent Sandbox
https://bugs.webkit.org/show_bug.cgi?id=218999
<rdar://problem/70355789>

Reviewed by Per Arne Vollan.

Since we have moved all network activity (aside from some syslog use) out of the WebContent
process, we do not need the ability to open remote tcp connections. We should deny this
capability from our non-Network sandboxes.

  • GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
  • WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in:
  • WebProcess/com.apple.WebProcess.sb.in:
Location:
trunk/Source/WebKit
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r269869 r269877  
     12020-11-16  Brent Fulgham  <bfulgham@apple.com>
     2
     3        [macOS] Remove remote tcp capability from WebContent Sandbox
     4        https://bugs.webkit.org/show_bug.cgi?id=218999
     5        <rdar://problem/70355789>
     6
     7        Reviewed by Per Arne Vollan.
     8
     9        Since we have moved all network activity (aside from some syslog use) out of the WebContent
     10        process, we do not need the ability to open remote tcp connections. We should deny this
     11        capability from our non-Network sandboxes.
     12
     13        * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
     14        * WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in:
     15        * WebProcess/com.apple.WebProcess.sb.in:
     16
    1172020-11-16  Devin Rousso  <drousso@apple.com>
    218

  • trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in

    r269517 r269877  
    681681       ;; ObjC map_images needs to send logging data to syslog. <rdar://problem/39778918>
    682682       (literal "/private/var/run/syslog")
    683        (remote tcp))
     683#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 101500
     684       (remote tcp)
     685#endif
     686)
    684687
    685688;; CFNetwork

  • trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in

    r269491 r269877  
    385385       ;; ObjC map_images needs to send logging data to syslog. <rdar://problem/39778918>
    386386       (literal "/private/var/run/syslog")
    387        (remote tcp))
     387)
    388388
    389389;; CFNetwork

  • trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

    r269867 r269877  
    10341034       ;; ObjC map_images needs to send logging data to syslog. <rdar://problem/39778918>
    10351035       (literal "/private/var/run/syslog")
    1036        (remote tcp))
     1036#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 101500
     1037       (remote tcp)
     1038#endif
     1039)
    10371040
    10381041;; CFNetwork
Note: See TracChangeset for help on using the changeset viewer.