Changeset 83425 in webkit

Timestamp:

Apr 10, 2011 10:49:27 PM (13 years ago)

Author:

mjs@apple.com

Message:

2011-04-10 Maciej Stachowiak <​mjs@apple.com>

Reviewed by Dan Bernstein.

REGRESSION: WebProcess spews sandboxing violations for outbound network traffic
​https://bugs.webkit.org/show_bug.cgi?id=58215
<rdar://problem/9251695>

• WebProcess/com.apple.WebProcess.sb: Restore some previously removed rules.

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• WebProcess/com.apple.WebProcess.sb (modified) (2 diffs)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2011-04-10  Maciej Stachowiak  <mjs@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        REGRESSION: WebProcess spews sandboxing violations for outbound network traffic
+        https://bugs.webkit.org/show_bug.cgi?id=58215
+        <rdar://problem/9251695>
+        
+        * WebProcess/com.apple.WebProcess.sb: Restore some previously removed rules.
+
 2011-04-10  Kimmo Kinnunen  <kimmo.t.kinnunen@nokia.com>
 

trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb

@@ -133 +133 @@
 )
 
+;; FIXME: <rdar://problem/9263428> These rules are required to avoid
+;; sandbox violation spam, but some narrower rule should be
+;; sufficient.
+(allow network-outbound)
+(deny network-outbound (regex ""))
+(deny network-outbound (local ip))
+
 (allow network-outbound
    ;; Local mDNSResponder for DNS, arbitrary outbound TCP
@@ -138 +145 @@
    (remote tcp)
 )
+
+(allow system-socket)
+(allow network-outbound (control-name "com.apple.network.statistics"))
 
 ;; FIXME: Once <rdar://problem/8900275> has been fixed, these rules can be removed.