Changeset 83148 in webkit

Timestamp:

Apr 7, 2011 12:39:24 AM (13 years ago)

Author:

mjs@apple.com

Message:

2011-04-07 Maciej Stachowiak <​mjs@apple.com>

Reviewed by Dan Bernstein.

Remove some no longer needed WebProcess sandbox allowances
​https://bugs.webkit.org/show_bug.cgi?id=58015
<rdar://problem/9232592>

• WebProcess/com.apple.WebProcess.sb: Remove no-longer needed extra network and launching privileges, since the bugs that required them are fixed.

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• WebProcess/com.apple.WebProcess.sb (modified) (2 diffs)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2011-04-07  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        Remove some no longer needed WebProcess sandbox allowances
+        https://bugs.webkit.org/show_bug.cgi?id=58015
+        <rdar://problem/9232592>
+
+        * WebProcess/com.apple.WebProcess.sb: Remove no-longer needed extra network
+        and launching privileges, since the bugs that required them are fixed.
+
 2011-04-06  Chang Shu  <cshu@webkit.org>
 

trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb

@@ -133 +133 @@
 )
 
-;; FIXME: These rules are required until <rdar://problem/8448410> is addressed. See <rdar://problem/8349882> for discussion.
-(allow network-outbound)
-(deny network-outbound (regex ""))
-(deny network-outbound (local ip))
 (allow network-outbound
    ;; Local mDNSResponder for DNS, arbitrary outbound TCP
@@ -158 +154 @@
 (allow network-outbound (remote ip))
 
-;; These rules are required while QTKitServer is being launched directly via posix_spawn (<rdar://problem/6912494>).
-(allow process-fork)
-(allow process-exec (literal "/System/Library/Frameworks/QTKit.framework/Versions/A/Resources/QTKitServer") (with no-sandbox))
-
 ;; FIXME: Once <rdar://problem/8900275> has been fixed, these rules can be removed.
 (allow mach-lookup (global-name "com.apple.pubsub.ipc"))