Diff
Modified: tags/Safari-603.1.13.1/Source/WebKit2/ChangeLog (209055 => 209056)
--- tags/Safari-603.1.13.1/Source/WebKit2/ChangeLog 2016-11-29 02:20:20 UTC (rev 209055)
+++ tags/Safari-603.1.13.1/Source/WebKit2/ChangeLog 2016-11-29 02:24:19 UTC (rev 209056)
@@ -1,3 +1,7 @@
+2016-11-28 Matthew Hanson <matthew_han...@apple.com>
+
+ Rollout r208589. rdar://problem/29277451
+
2016-11-28 Babak Shafiei <bshaf...@apple.com>
Roll out r208835. rdar://problem/29277451
Modified: tags/Safari-603.1.13.1/Source/WebKit2/Configurations/WebKit.xcconfig (209055 => 209056)
--- tags/Safari-603.1.13.1/Source/WebKit2/Configurations/WebKit.xcconfig 2016-11-29 02:20:20 UTC (rev 209055)
+++ tags/Safari-603.1.13.1/Source/WebKit2/Configurations/WebKit.xcconfig 2016-11-29 02:24:19 UTC (rev 209056)
@@ -52,7 +52,7 @@
SECTORDER_FLAGS_Production[sdk=iphoneos*] = -Wl,-order_file,$(SDKROOT)/AppleInternal/OrderFiles/WebKit.order;
SECTORDER_FLAGS_Production[sdk=macosx*] = -Wl,-order_file,mac/WebKit2.order;
-EXCLUDED_SOURCE_FILE_NAMES[sdk=iphone*] = PluginProcessShim.dylib SecItemShim.dylib WebProcessShim.dylib *.pdf Resources/mac/* com.apple.WebKit.Databases.sb com.apple.WebKit.NetworkProcess.sb com.apple.WebProcess.sb com.apple.WebKit.plugin-common.sb PlugInSandboxProfiles/*.sb;
+EXCLUDED_SOURCE_FILE_NAMES[sdk=iphone*] = PluginProcessShim.dylib SecItemShim.dylib WebProcessShim.dylib *.pdf Resources/mac/* com.apple.WebKit.Databases.sb com.apple.WebKit.NetworkProcess.sb com.apple.WebProcess.sb PlugInSandboxProfiles/*.sb;
INSTALLHDRS_SCRIPT_PHASE = YES;
Modified: tags/Safari-603.1.13.1/Source/WebKit2/DerivedSources.make (209055 => 209056)
--- tags/Safari-603.1.13.1/Source/WebKit2/DerivedSources.make 2016-11-29 02:20:20 UTC (rev 209055)
+++ tags/Safari-603.1.13.1/Source/WebKit2/DerivedSources.make 2016-11-29 02:24:19 UTC (rev 209056)
@@ -203,7 +203,6 @@
SANDBOX_PROFILES = \
com.apple.WebProcess.sb \
com.apple.WebKit.Databases.sb \
- com.apple.WebKit.plugin-common.sb \
com.apple.WebKit.NetworkProcess.sb
all: $(SANDBOX_PROFILES)
Deleted: tags/Safari-603.1.13.1/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in (209055 => 209056)
--- tags/Safari-603.1.13.1/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in 2016-11-29 02:20:20 UTC (rev 209055)
+++ tags/Safari-603.1.13.1/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in 2016-11-29 02:24:19 UTC (rev 209056)
@@ -1,382 +0,0 @@
-; Copyright (C) 2013-2016 Apple Inc. All rights reserved.
-;
-; Redistribution and use in source and binary forms, with or without
-; modification, are permitted provided that the following conditions
-; are met:
-; 1. Redistributions of source code must retain the above copyright
-; notice, this list of conditions and the following disclaimer.
-; 2. Redistributions in binary form must reproduce the above copyright
-; notice, this list of conditions and the following disclaimer in the
-; documentation and/or other materials provided with the distribution.
-;
-; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
-; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
-; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
-; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-; THE POSSIBILITY OF SUCH DAMAGE.
-
-(version 1)
-(deny default)
-(allow system-audit file-read-metadata)
-
-(import "system.sb")
-
-;; Utility functions
-(define (home-literal home-relative-literal)
- (literal (string-append (param "HOME_DIR") home-relative-literal)))
-
-(define (home-library-regex home-library-relative-regex)
- (regex (string-append "^" (regex-quote (param "HOME_LIBRARY_DIR")) home-library-relative-regex)))
-
-(define (home-library-subpath home-library-relative-subpath)
- (subpath (string-append (param "HOME_LIBRARY_DIR") home-library-relative-subpath)))
-
-(define (home-library-literal home-library-relative-literal)
- (literal (string-append (param "HOME_LIBRARY_DIR") home-library-relative-literal)))
-
-(define (home-library-preferences-regex home-library-preferences-relative-regex)
- (regex (string-append "^" (regex-quote (param "HOME_LIBRARY_PREFERENCES_DIR")) home-library-preferences-relative-regex)))
-
-(define (home-library-preferences-subpath home-library-preferences-relative-subpath)
- (subpath (string-append (param "HOME_LIBRARY_PREFERENCES_DIR") home-library-preferences-relative-subpath)))
-
-(define (home-library-preferences-literal home-library-preferences-relative-literal)
- (literal (string-append (param "HOME_LIBRARY_PREFERENCES_DIR") home-library-preferences-relative-literal)))
-
-(define (shared-preferences-read . domains)
- (for-each (lambda (domain)
- (begin
- (if (defined? `user-preference-read)
- (allow user-preference-read (preference-domain domain)))
- ; (Temporary) backward compatibility with non-CFPreferences readers.
- (allow file-read*
- (literal (string-append "/Library/Preferences/" domain ".plist"))
- (home-library-preferences-literal (string-append "/" domain ".plist"))
- (home-library-preferences-regex (string-append #"/ByHost/" (regex-quote domain) #"\..*\.plist$")))))
- domains))
-
-(define (shared-preferences-read-write . domains)
- (for-each (lambda (domain)
- (begin
- (if (defined? `user-preference-write)
- (allow user-preference-read user-preference-write (preference-domain domain)))
- ; (Temporary) backward compatibility with non-CFPreferences readers / writers.
- (allow file-read* file-write*
- (literal (string-append "/Library/Preferences/" domain ".plist"))
- (home-library-preferences-literal (string-append "/" domain ".plist"))
- (home-library-preferences-regex (string-append #"/ByHost/" (regex-quote domain) #"\..*\.plist$")))))
- domains))
-
-;; WebKit2 sandbox launcher needs to define an _OS_VERSION parameter
-;; This parameter is the major OS Version number.
-(if (not (defined? 'os-version))
- (define os-version (param "_OS_VERSION")))
-
-;; Graphics
-(if (defined? 'system-graphics)
- (system-graphics)
- (begin
- (shared-preferences-read
- "com.apple.opengl"
- "com.nvidia.OpenGL")
- (allow mach-lookup (global-name "com.apple.cvmsServ"))
- (allow iokit-open
- (iokit-connection "IOAccelerator")
- (iokit-user-client-class "IOAccelerationUserClient")
- (iokit-user-client-class "IOSurfaceRootUserClient")
- (iokit-user-client-class "IOSurfaceSendRight")
- (iokit-user-client-class "IOFramebufferSharedUserClient")
- (iokit-user-client-class "AppleSNBFBUserClient")
- (iokit-user-client-class "AGPMClient")
- (iokit-user-client-class "AppleGraphicsControlClient")
- (iokit-user-client-class "AppleGraphicsPolicyClient"))))
-
-;; Read-only preferences
-(shared-preferences-read
- ".GlobalPreferences"
- "com.apple.Bluetooth"
- "com.apple.CoreGraphics"
- "com.apple.QuickTime"
- "com.apple.HIToolbox"
- "com.apple.ATS"
- "com.apple.driver.AppleBluetoothMultitouch.mouse"
- "com.apple.driver.AppleBluetoothMultitouch.trackpad"
- "com.apple.driver.AppleHIDMouse"
- "com.apple.inputmethodkit"
- "com.apple.iWork.Pages"
- "com.apple.LaunchServices"
- "com.apple.MultitouchSupport"
- "com.apple.security"
- "com.apple.security.revocation"
- "com.apple.security_common"
- "com.apple.speech.voice.prefs"
- "com.apple.speech.synthesis.general.prefs"
- "com.apple.speech.recognition.AppleSpeechRecognition.prefs"
- "com.apple.systemsound"
- "com.apple.universalaccess"
- "com.apple.WebFoundation"
- "com.apple.WebKit.PluginProcess"
- "pbs"
- "com.apple.ServicesMenu.Services")
-
-;; Read-only data
-(allow file-read*
- (literal "/")
- (literal "/private/etc/hosts")
- (literal "/private/etc/protocols")
- (literal "/private/etc/services")
- (literal "/private/etc/resolv.conf")
- (literal "/private/var/run/resolv.conf")
-
- (subpath "/Library/Frameworks")
- (subpath "/Library/Managed Preferences")
- (subpath "/private/var/db/mds")
-
- (regex #"^/Library/Preferences/com\.apple\.security")
- (home-literal "/.CFUserTextEncoding")
- (home-library-subpath "/Audio")
- (home-library-subpath "/ColorPickers")
- (home-library-subpath "/ColorSync")
- (subpath "/Library/Components")
- (home-library-subpath "/Components")
- (subpath "/Library/Contextual Menu Items")
- (subpath "/Library/Input Methods")
- (home-library-subpath "/Input Methods")
- (subpath "/Library/InputManagers")
- (home-library-subpath "/InputManagers")
- (home-library-subpath "/KeyBindings")
- (subpath "/Library/Keyboard Layouts")
- (home-library-subpath "/Keyboard Layouts")
- (subpath "/Library/Fonts")
- (home-library-subpath "/Fonts")
- (subpath "/Library/Spelling")
- (home-library-subpath "/Spelling")
- (subpath "/Library/PDF Services")
- (home-library-subpath "/PDF Services")
- (home-library-preferences-literal "/QuickTime Preferences")
-
- (home-library-literal "/Caches/com.apple.coreaudio.components.plist")
-
- (subpath "/Library/Audio/Sounds")
- (subpath "/Library/Audio/Plug-Ins/Components")
- (home-library-subpath "/Audio/Plug-Ins/Components")
- (subpath "/Library/Audio/Plug-Ins/HAL")
- (subpath "/Library/CoreMediaIO/Plug-Ins/DAL")
- (subpath "/Library/QuickTime")
- (home-library-subpath "/QuickTime")
- (subpath "/Library/Video/Plug-Ins")
- (home-library-subpath "/Caches/QuickTime")
-
- (literal "/Library/Application Support/CrashReporter/SubmitDiagInfo.domains")
-
- (home-library-literal "/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain")
-
- (subpath "/Library/ColorSync")
-
- (home-literal "/Library/Preferences/com.apple.lookup.shared.plist")
-
- ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
- (subpath "/Library/Keychains"))
-
-;; Security framework
-(allow mach-lookup (global-name "com.apple.ocspd"))
-(allow file-read* file-write* (home-library-subpath "/Keychains"))
-(allow file-read*
- (subpath "/private/var/db/mds")
- (literal "/private/var/db/DetachedSignatures"))
-(allow ipc-posix-shm-read* ipc-posix-shm-write-data
- (ipc-posix-name "com.apple.AppleDatabaseChanged"))
-
-;; Read-write preferences and data
-(allow file*
- ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
- (home-library-subpath "/Keychains"))
-(allow system-fsctl (fsctl-command (_IO "h" 47)))
-
-;; IOKit user clients
-(allow iokit-open
- (iokit-user-client-class "IOAudioControlUserClient")
- (iokit-user-client-class "IOAudioEngineUserClient")
- (iokit-user-client-class "IOHIDParamUserClient")
- (iokit-user-client-class "RootDomainUserClient"))
-
-;; Various services required by AppKit and other frameworks
-(allow mach-lookup
- (global-name "com.apple.CoreServices.coreservicesd")
- (global-name "com.apple.DiskArbitration.diskarbitrationd")
- (global-name "com.apple.FileCoordination")
- (global-name "com.apple.FontObjectsServer")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101200
- (global-name "com.apple.FontServer")
-#endif
- (global-name "com.apple.ImageCaptureExtension2.presence")
- (global-name "com.apple.PowerManagement.control")
- (global-name "com.apple.SecurityServer")
- (global-name "com.apple.SystemConfiguration.PPPController")
- (global-name "com.apple.SystemConfiguration.configd")
- (global-name "com.apple.UNCUserNotification")
- (global-name "com.apple.audio.VDCAssistant")
- (global-name "com.apple.audio.audiohald")
- (global-name "com.apple.audio.coreaudiod")
- (global-name "com.apple.cfnetwork.AuthBrokerAgent")
- (global-name "com.apple.cmio.VDCAssistant")
- (global-name "com.apple.cookied") ;; FIXME: <rdar://problem/10790768> Limit access to cookies.
- (global-name "com.apple.coreservices.launchservicesd")
- (global-name "com.apple.fonts")
- (global-name "com.apple.ocspd")
- (global-name "com.apple.pasteboard.1")
- (global-name "com.apple.pbs.fetch_services")
- (global-name "com.apple.tccd.system")
- (global-name "com.apple.tsm.uiserver")
- (global-name "com.apple.window_proxies")
- (global-name "com.apple.windowserver.active")
- (local-name "com.apple.tsm.portname")
- (global-name-regex #"_OpenStep$"))
-
-;; Configuration directories
-(allow file-read* (subpath (param "PLUGIN_PATH")))
-(allow file-read* (subpath (param "WEBKIT2_FRAMEWORK_DIR")))
-(allow file* (subpath (param "DARWIN_USER_TEMP_DIR")))
-(allow file* (subpath (param "DARWIN_USER_CACHE_DIR")))
-(allow file* (subpath (param "NSURL_CACHE_DIR")))
-
-;; Allow the OpenGL Profiler to attach.
-(if (defined? 'mach-register)
- (allow mach-register (global-name-regex #"^_oglprof_attach_<[0-9]+>$")))
-
-;; Networking
-(if (defined? 'system-network)
- (system-network)
- (begin
- (allow file-read* (literal "/Library/Preferences/com.apple.networkd.plist"))
- (allow mach-lookup
- (global-name "com.apple.SystemConfiguration.SCNetworkReachability")
- (global-name "com.apple.networkd"))
- (allow network-outbound
- (control-name "com.apple.netsrc")
- (control-name "com.apple.network.statistics"))
- (allow system-socket
- (require-all (socket-domain AF_SYSTEM)
- (socket-protocol 2)) ; SYSPROTO_CONTROL
- (socket-domain AF_ROUTE))))
-
-(allow network-outbound
- ;; Local mDNSResponder for DNS, arbitrary outbound TCP and UDP
- (literal "/private/var/run/mDNSResponder")
- (remote tcp)
- (remote udp))
-(allow network-inbound
- (local udp))
-
-
-;; Open and Save panels
-(define (webkit-powerbox)
- (allow file-read* (literal "/Library/Preferences/com.apple.ViewBridge.plist"))
- (allow file-read* file-write* (extension "com.apple.app-sandbox.read-write"))
- (allow file-issue-extension
- (require-all
- (extension-class "com.apple.app-sandbox.read")
- (extension "com.apple.app-sandbox.read-write"))
- (require-all
- (extension-class "com.apple.app-sandbox.read-write")
- (extension "com.apple.app-sandbox.read-write"))))
-
-;; Printing
-(define (webkit-printing)
- (if (defined? 'authorization-right-obtain)
- (allow authorization-right-obtain
- (right-name "system.print.operator")
- (right-name "system.printingmanager")))
- (if (defined? 'mach-register)
- (deny mach-register (with no-log)
- (global-name-regex #"^com\.apple\.ICA-[0-9]+$")))
- (if (defined? 'mach-task-name)
- (allow mach-task-name))
- (allow network-outbound (literal "/private/var/run/cupsd"))
- (allow mach-lookup
- (global-name "com.apple.printuitool.agent")
- (global-name "com.apple.printtool.agent")
- (global-name "com.apple.printtool.daemon"))
- (allow file-read*
- (subpath "/Library/Printers")
- (home-literal "/.cups/lpoptions")
- (home-literal "/.cups/client.conf")
- (literal "/private/etc/cups/client.conf")
- (literal "/private/etc/cups/lpoptions")
- (subpath "/private/etc/cups/ppd")
- (literal "/private/var/run/cupsd"))
- (shared-preferences-read "org.cups.PrintingPrefs"))
-
-;; Text Services Manager
-#if PLATFORM(IOS) || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200)
-(with-filter (iokit-registry-entry-class "IOHIDEventDriver")
- (allow iokit-set-properties (iokit-property "CapsLockDelayOverride")))
-#else
-(allow iokit-set-properties (iokit-property "CapsLockDelayOverride"))
-#endif
-
-;; Image Capture
-(define (webkit-imagecapture)
- (allow appleevent-send (appleevent-destination "com.apple.imagecaptureextension2")))
-
-;; Camera
-(define (webkit-camera)
- (shared-preferences-read "com.apple.coremedia")
- (allow mach-lookup (extension "com.apple.app-sandbox.mach"))
- (allow mach-lookup
- (global-name "com.apple.cmio.AppleCameraAssistant")
- ;; Apple DAL assistants
- (global-name "com.apple.cmio.VDCAssistant")
- (global-name "com.apple.cmio.AVCAssistant")
- (global-name "com.apple.cmio.IIDCVideoAssistant")
- ;; QuickTimeIIDCDigitizer assistant
- (global-name "com.apple.IIDCAssistant"))
- (allow iokit-open
- ;; QuickTimeUSBVDCDigitizer
- (iokit-user-client-class "IOUSBDeviceUserClientV2")
- (iokit-user-client-class "IOUSBInterfaceUserClientV2"))
- (allow device-camera))
-
-;; Microphone
-(define (webkit-microphone)
- (allow device-microphone))
-
-;; Silently block access to some resources
-(deny file-read* file-write* (with no-log)
- (subpath "/Network/Library")
- (subpath "/Network/Applications")
- (home-library-preferences-regex #"/com\.apple\.internetconfig(priv)?\.plist")
-
- ;; FIXME: Should be removed after <rdar://problem/10463881> is fixed.
- (home-library-preferences-literal "/com.apple.LaunchServices.QuarantineEventsV2")
- (home-library-preferences-literal "/com.apple.LaunchServices.QuarantineEventsV2-journal"))
-
-(deny mach-lookup (with no-log)
- (global-name "com.apple.FSEvents")
- (global-name "com.apple.coreservices.appleevents")
- (global-name "com.apple.dock.server")
- (global-name-regex #"^com\.apple\.distributed_notifications"))
-
-;; The below rules are inserted at the end of sandbox profile compilation by overriding the finalizer.
-;; The initial value of %finalize must be the last function called.
-(letrec
- ((original-%finalize %finalize)
- (webkit-%finalize
- (lambda ()
- (if (defined? 'vnode-type)
- (deny file-write-create
- (vnode-type SYMLINK)))
- ;; Reserve a namespace for additional protected extended attributes.
- (deny file-read-xattr file-write-xattr (xattr #"^com\.apple\.security\.private\."))
- ;; FIXME: Should be removed once <rdar://problem/16329087> is fixed.
- (if (defined? 'xattr-regex)
- (deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))
- (deny file-read-xattr file-write-xattr (xattr #"^com\.apple\.security\.private\.")))
- (original-%finalize))))
- (set! %finalize webkit-%finalize))
Copied: tags/Safari-603.1.13.1/Source/WebKit2/Resources/PlugInSandboxProfiles/com.apple.WebKit.plugin-common.sb (from rev 209052, tags/Safari-603.1.13.1/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in) (0 => 209056)
--- tags/Safari-603.1.13.1/Source/WebKit2/Resources/PlugInSandboxProfiles/com.apple.WebKit.plugin-common.sb (rev 0)
+++ tags/Safari-603.1.13.1/Source/WebKit2/Resources/PlugInSandboxProfiles/com.apple.WebKit.plugin-common.sb 2016-11-29 02:24:19 UTC (rev 209056)
@@ -0,0 +1,380 @@
+; Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
+;
+; Redistribution and use in source and binary forms, with or without
+; modification, are permitted provided that the following conditions
+; are met:
+; 1. Redistributions of source code must retain the above copyright
+; notice, this list of conditions and the following disclaimer.
+; 2. Redistributions in binary form must reproduce the above copyright
+; notice, this list of conditions and the following disclaimer in the
+; documentation and/or other materials provided with the distribution.
+;
+; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+; THE POSSIBILITY OF SUCH DAMAGE.
+
+(version 1)
+(deny default)
+(allow system-audit file-read-metadata)
+
+(import "system.sb")
+
+;; Utility functions
+(define (home-literal home-relative-literal)
+ (literal (string-append (param "HOME_DIR") home-relative-literal)))
+
+(define (home-library-regex home-library-relative-regex)
+ (regex (string-append "^" (regex-quote (param "HOME_LIBRARY_DIR")) home-library-relative-regex)))
+
+(define (home-library-subpath home-library-relative-subpath)
+ (subpath (string-append (param "HOME_LIBRARY_DIR") home-library-relative-subpath)))
+
+(define (home-library-literal home-library-relative-literal)
+ (literal (string-append (param "HOME_LIBRARY_DIR") home-library-relative-literal)))
+
+(define (home-library-preferences-regex home-library-preferences-relative-regex)
+ (regex (string-append "^" (regex-quote (param "HOME_LIBRARY_PREFERENCES_DIR")) home-library-preferences-relative-regex)))
+
+(define (home-library-preferences-subpath home-library-preferences-relative-subpath)
+ (subpath (string-append (param "HOME_LIBRARY_PREFERENCES_DIR") home-library-preferences-relative-subpath)))
+
+(define (home-library-preferences-literal home-library-preferences-relative-literal)
+ (literal (string-append (param "HOME_LIBRARY_PREFERENCES_DIR") home-library-preferences-relative-literal)))
+
+(define (shared-preferences-read . domains)
+ (for-each (lambda (domain)
+ (begin
+ (if (defined? `user-preference-read)
+ (allow user-preference-read (preference-domain domain)))
+ ; (Temporary) backward compatibility with non-CFPreferences readers.
+ (allow file-read*
+ (literal (string-append "/Library/Preferences/" domain ".plist"))
+ (home-library-preferences-literal (string-append "/" domain ".plist"))
+ (home-library-preferences-regex (string-append #"/ByHost/" (regex-quote domain) #"\..*\.plist$")))))
+ domains))
+
+(define (shared-preferences-read-write . domains)
+ (for-each (lambda (domain)
+ (begin
+ (if (defined? `user-preference-write)
+ (allow user-preference-read user-preference-write (preference-domain domain)))
+ ; (Temporary) backward compatibility with non-CFPreferences readers / writers.
+ (allow file-read* file-write*
+ (literal (string-append "/Library/Preferences/" domain ".plist"))
+ (home-library-preferences-literal (string-append "/" domain ".plist"))
+ (home-library-preferences-regex (string-append #"/ByHost/" (regex-quote domain) #"\..*\.plist$")))))
+ domains))
+
+;; WebKit2 sandbox launcher needs to define an _OS_VERSION parameter
+;; This parameter is the major OS Version number.
+(if (not (defined? 'os-version))
+ (define os-version (param "_OS_VERSION")))
+
+;; Graphics
+(if (defined? 'system-graphics)
+ (system-graphics)
+ (begin
+ (shared-preferences-read
+ "com.apple.opengl"
+ "com.nvidia.OpenGL")
+ (allow mach-lookup (global-name "com.apple.cvmsServ"))
+ (allow iokit-open
+ (iokit-connection "IOAccelerator")
+ (iokit-user-client-class "IOAccelerationUserClient")
+ (iokit-user-client-class "IOSurfaceRootUserClient")
+ (iokit-user-client-class "IOSurfaceSendRight")
+ (iokit-user-client-class "IOFramebufferSharedUserClient")
+ (iokit-user-client-class "AppleSNBFBUserClient")
+ (iokit-user-client-class "AGPMClient")
+ (iokit-user-client-class "AppleGraphicsControlClient")
+ (iokit-user-client-class "AppleGraphicsPolicyClient"))))
+
+;; Read-only preferences
+(shared-preferences-read
+ ".GlobalPreferences"
+ "com.apple.Bluetooth"
+ "com.apple.CoreGraphics"
+ "com.apple.QuickTime"
+ "com.apple.HIToolbox"
+ "com.apple.ATS"
+ "com.apple.driver.AppleBluetoothMultitouch.mouse"
+ "com.apple.driver.AppleBluetoothMultitouch.trackpad"
+ "com.apple.driver.AppleHIDMouse"
+ "com.apple.inputmethodkit"
+ "com.apple.iWork.Pages"
+ "com.apple.LaunchServices"
+ "com.apple.MultitouchSupport"
+ "com.apple.security"
+ "com.apple.security.revocation"
+ "com.apple.security_common"
+ "com.apple.speech.voice.prefs"
+ "com.apple.speech.synthesis.general.prefs"
+ "com.apple.speech.recognition.AppleSpeechRecognition.prefs"
+ "com.apple.systemsound"
+ "com.apple.universalaccess"
+ "com.apple.WebFoundation"
+ "com.apple.WebKit.PluginProcess"
+ "pbs"
+ "com.apple.ServicesMenu.Services")
+
+;; Read-only data
+(allow file-read*
+ (literal "/")
+ (literal "/private/etc/hosts")
+ (literal "/private/etc/protocols")
+ (literal "/private/etc/services")
+ (literal "/private/etc/resolv.conf")
+ (literal "/private/var/run/resolv.conf")
+
+ (subpath "/Library/Frameworks")
+ (subpath "/Library/Managed Preferences")
+ (subpath "/private/var/db/mds")
+
+ (regex #"^/Library/Preferences/com\.apple\.security")
+ (home-literal "/.CFUserTextEncoding")
+ (home-library-subpath "/Audio")
+ (home-library-subpath "/ColorPickers")
+ (home-library-subpath "/ColorSync")
+ (subpath "/Library/Components")
+ (home-library-subpath "/Components")
+ (subpath "/Library/Contextual Menu Items")
+ (subpath "/Library/Input Methods")
+ (home-library-subpath "/Input Methods")
+ (subpath "/Library/InputManagers")
+ (home-library-subpath "/InputManagers")
+ (home-library-subpath "/KeyBindings")
+ (subpath "/Library/Keyboard Layouts")
+ (home-library-subpath "/Keyboard Layouts")
+ (subpath "/Library/Fonts")
+ (home-library-subpath "/Fonts")
+ (subpath "/Library/Spelling")
+ (home-library-subpath "/Spelling")
+ (subpath "/Library/PDF Services")
+ (home-library-subpath "/PDF Services")
+ (home-library-preferences-literal "/QuickTime Preferences")
+
+ (home-library-literal "/Caches/com.apple.coreaudio.components.plist")
+
+ (subpath "/Library/Audio/Sounds")
+ (subpath "/Library/Audio/Plug-Ins/Components")
+ (home-library-subpath "/Audio/Plug-Ins/Components")
+ (subpath "/Library/Audio/Plug-Ins/HAL")
+ (subpath "/Library/CoreMediaIO/Plug-Ins/DAL")
+ (subpath "/Library/QuickTime")
+ (home-library-subpath "/QuickTime")
+ (subpath "/Library/Video/Plug-Ins")
+ (home-library-subpath "/Caches/QuickTime")
+
+ (literal "/Library/Application Support/CrashReporter/SubmitDiagInfo.domains")
+
+ (home-library-literal "/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain")
+
+ (subpath "/Library/ColorSync")
+
+ (home-literal "/Library/Preferences/com.apple.lookup.shared.plist")
+
+ ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
+ (subpath "/Library/Keychains"))
+
+;; Security framework
+(allow mach-lookup (global-name "com.apple.ocspd"))
+(allow file-read* file-write* (home-library-subpath "/Keychains"))
+(allow file-read*
+ (subpath "/private/var/db/mds")
+ (literal "/private/var/db/DetachedSignatures"))
+(allow ipc-posix-shm-read* ipc-posix-shm-write-data
+ (ipc-posix-name "com.apple.AppleDatabaseChanged"))
+
+;; Read-write preferences and data
+(allow file*
+ ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
+ (home-library-subpath "/Keychains"))
+(allow system-fsctl (fsctl-command (_IO "h" 47)))
+
+;; IOKit user clients
+(allow iokit-open
+ (iokit-user-client-class "IOAudioControlUserClient")
+ (iokit-user-client-class "IOAudioEngineUserClient")
+ (iokit-user-client-class "IOHIDParamUserClient")
+ (iokit-user-client-class "RootDomainUserClient"))
+
+;; Various services required by AppKit and other frameworks
+(allow mach-lookup
+ (global-name "com.apple.CoreServices.coreservicesd")
+ (global-name "com.apple.DiskArbitration.diskarbitrationd")
+ (global-name "com.apple.FileCoordination")
+ (global-name "com.apple.FontObjectsServer")
+ (global-name "com.apple.FontServer")
+ (global-name "com.apple.ImageCaptureExtension2.presence")
+ (global-name "com.apple.PowerManagement.control")
+ (global-name "com.apple.SecurityServer")
+ (global-name "com.apple.SystemConfiguration.PPPController")
+ (global-name "com.apple.SystemConfiguration.configd")
+ (global-name "com.apple.UNCUserNotification")
+ (global-name "com.apple.audio.VDCAssistant")
+ (global-name "com.apple.audio.audiohald")
+ (global-name "com.apple.audio.coreaudiod")
+ (global-name "com.apple.cfnetwork.AuthBrokerAgent")
+ (global-name "com.apple.cmio.VDCAssistant")
+ (global-name "com.apple.cookied") ;; FIXME: <rdar://problem/10790768> Limit access to cookies.
+ (global-name "com.apple.coreservices.launchservicesd")
+ (global-name "com.apple.fonts")
+ (global-name "com.apple.ocspd")
+ (global-name "com.apple.pasteboard.1")
+ (global-name "com.apple.pbs.fetch_services")
+ (global-name "com.apple.tccd.system")
+ (global-name "com.apple.tsm.uiserver")
+ (global-name "com.apple.window_proxies")
+ (global-name "com.apple.windowserver.active")
+ (local-name "com.apple.tsm.portname")
+ (global-name-regex #"_OpenStep$"))
+
+;; Configuration directories
+(allow file-read* (subpath (param "PLUGIN_PATH")))
+(allow file-read* (subpath (param "WEBKIT2_FRAMEWORK_DIR")))
+(allow file* (subpath (param "DARWIN_USER_TEMP_DIR")))
+(allow file* (subpath (param "DARWIN_USER_CACHE_DIR")))
+(allow file* (subpath (param "NSURL_CACHE_DIR")))
+
+;; Allow the OpenGL Profiler to attach.
+(if (defined? 'mach-register)
+ (allow mach-register (global-name-regex #"^_oglprof_attach_<[0-9]+>$")))
+
+;; Networking
+(if (defined? 'system-network)
+ (system-network)
+ (begin
+ (allow file-read* (literal "/Library/Preferences/com.apple.networkd.plist"))
+ (allow mach-lookup
+ (global-name "com.apple.SystemConfiguration.SCNetworkReachability")
+ (global-name "com.apple.networkd"))
+ (allow network-outbound
+ (control-name "com.apple.netsrc")
+ (control-name "com.apple.network.statistics"))
+ (allow system-socket
+ (require-all (socket-domain AF_SYSTEM)
+ (socket-protocol 2)) ; SYSPROTO_CONTROL
+ (socket-domain AF_ROUTE))))
+
+(allow network-outbound
+ ;; Local mDNSResponder for DNS, arbitrary outbound TCP and UDP
+ (literal "/private/var/run/mDNSResponder")
+ (remote tcp)
+ (remote udp))
+(allow network-inbound
+ (local udp))
+
+
+;; Open and Save panels
+(define (webkit-powerbox)
+ (allow file-read* (literal "/Library/Preferences/com.apple.ViewBridge.plist"))
+ (allow file-read* file-write* (extension "com.apple.app-sandbox.read-write"))
+ (allow file-issue-extension
+ (require-all
+ (extension-class "com.apple.app-sandbox.read")
+ (extension "com.apple.app-sandbox.read-write"))
+ (require-all
+ (extension-class "com.apple.app-sandbox.read-write")
+ (extension "com.apple.app-sandbox.read-write"))))
+
+;; Printing
+(define (webkit-printing)
+ (if (defined? 'authorization-right-obtain)
+ (allow authorization-right-obtain
+ (right-name "system.print.operator")
+ (right-name "system.printingmanager")))
+ (if (defined? 'mach-register)
+ (deny mach-register (with no-log)
+ (global-name-regex #"^com\.apple\.ICA-[0-9]+$")))
+ (if (defined? 'mach-task-name)
+ (allow mach-task-name))
+ (allow network-outbound (literal "/private/var/run/cupsd"))
+ (allow mach-lookup
+ (global-name "com.apple.printuitool.agent")
+ (global-name "com.apple.printtool.agent")
+ (global-name "com.apple.printtool.daemon"))
+ (allow file-read*
+ (subpath "/Library/Printers")
+ (home-literal "/.cups/lpoptions")
+ (home-literal "/.cups/client.conf")
+ (literal "/private/etc/cups/client.conf")
+ (literal "/private/etc/cups/lpoptions")
+ (subpath "/private/etc/cups/ppd")
+ (literal "/private/var/run/cupsd"))
+ (shared-preferences-read "org.cups.PrintingPrefs"))
+
+;; Text Services Manager
+#if PLATFORM(IOS) || (PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200)
+(with-filter (iokit-registry-entry-class "IOHIDEventDriver")
+ (allow iokit-set-properties (iokit-property "CapsLockDelayOverride")))
+#else
+(allow iokit-set-properties (iokit-property "CapsLockDelayOverride"))
+#endif
+
+;; Image Capture
+(define (webkit-imagecapture)
+ (allow appleevent-send (appleevent-destination "com.apple.imagecaptureextension2")))
+
+;; Camera
+(define (webkit-camera)
+ (shared-preferences-read "com.apple.coremedia")
+ (allow mach-lookup (extension "com.apple.app-sandbox.mach"))
+ (allow mach-lookup
+ (global-name "com.apple.cmio.AppleCameraAssistant")
+ ;; Apple DAL assistants
+ (global-name "com.apple.cmio.VDCAssistant")
+ (global-name "com.apple.cmio.AVCAssistant")
+ (global-name "com.apple.cmio.IIDCVideoAssistant")
+ ;; QuickTimeIIDCDigitizer assistant
+ (global-name "com.apple.IIDCAssistant"))
+ (allow iokit-open
+ ;; QuickTimeUSBVDCDigitizer
+ (iokit-user-client-class "IOUSBDeviceUserClientV2")
+ (iokit-user-client-class "IOUSBInterfaceUserClientV2"))
+ (allow device-camera))
+
+;; Microphone
+(define (webkit-microphone)
+ (allow device-microphone))
+
+;; Silently block access to some resources
+(deny file-read* file-write* (with no-log)
+ (subpath "/Network/Library")
+ (subpath "/Network/Applications")
+ (home-library-preferences-regex #"/com\.apple\.internetconfig(priv)?\.plist")
+
+ ;; FIXME: Should be removed after <rdar://problem/10463881> is fixed.
+ (home-library-preferences-literal "/com.apple.LaunchServices.QuarantineEventsV2")
+ (home-library-preferences-literal "/com.apple.LaunchServices.QuarantineEventsV2-journal"))
+
+(deny mach-lookup (with no-log)
+ (global-name "com.apple.FSEvents")
+ (global-name "com.apple.coreservices.appleevents")
+ (global-name "com.apple.dock.server")
+ (global-name-regex #"^com\.apple\.distributed_notifications"))
+
+;; The below rules are inserted at the end of sandbox profile compilation by overriding the finalizer.
+;; The initial value of %finalize must be the last function called.
+(letrec
+ ((original-%finalize %finalize)
+ (webkit-%finalize
+ (lambda ()
+ (if (defined? 'vnode-type)
+ (deny file-write-create
+ (vnode-type SYMLINK)))
+ ;; Reserve a namespace for additional protected extended attributes.
+ (deny file-read-xattr file-write-xattr (xattr #"^com\.apple\.security\.private\."))
+ ;; FIXME: Should be removed once <rdar://problem/16329087> is fixed.
+ (if (defined? 'xattr-regex)
+ (deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))
+ (deny file-read-xattr file-write-xattr (xattr #"^com\.apple\.security\.private\.")))
+ (original-%finalize))))
+ (set! %finalize webkit-%finalize))
Modified: tags/Safari-603.1.13.1/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj (209055 => 209056)
--- tags/Safari-603.1.13.1/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj 2016-11-29 02:20:20 UTC (rev 209055)
+++ tags/Safari-603.1.13.1/Source/WebKit2/WebKit2.xcodeproj/project.pbxproj 2016-11-29 02:24:19 UTC (rev 209056)
@@ -1151,6 +1151,7 @@
7CAB937A1D459E510070F540 /* NetworkCacheCodersCocoa.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 7CAB93791D459E4B0070F540 /* NetworkCacheCodersCocoa.cpp */; };
7CB16FEF1724BA23007A0A95 /* com.apple.ist.ds.appleconnect.webplugin.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = 7CB16FE21724B9B5007A0A95 /* com.apple.ist.ds.appleconnect.webplugin.sb */; };
7CB16FF01724BA24007A0A95 /* com.apple.QuickTime Plugin.plugin.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = 7CB16FE31724B9B5007A0A95 /* com.apple.QuickTime Plugin.plugin.sb */; };
+ 7CB16FF11724BA26007A0A95 /* com.apple.WebKit.plugin-common.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = 7CB16FE41724B9B5007A0A95 /* com.apple.WebKit.plugin-common.sb */; };
7CB16FF21724BA28007A0A95 /* com.macromedia.Flash Player.plugin.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = 7CB16FE51724B9B5007A0A95 /* com.macromedia.Flash Player.plugin.sb */; };
7CB16FF31724BA2F007A0A95 /* com.microsoft.SilverlightPlugin.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = 7CB16FE61724B9B5007A0A95 /* com.microsoft.SilverlightPlugin.sb */; };
7CB16FF41724BA30007A0A95 /* com.oracle.java.JavaAppletPlugin.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = 7CB16FE71724B9B5007A0A95 /* com.oracle.java.JavaAppletPlugin.sb */; };
@@ -2015,6 +2016,7 @@
E19BDA86193665E300B97F57 /* com.apple.appstore.CodeRedeemerNetscapePlugin.sb in Copy Plug-in Sandbox Profiles */,
7CB16FEF1724BA23007A0A95 /* com.apple.ist.ds.appleconnect.webplugin.sb in Copy Plug-in Sandbox Profiles */,
7CB16FF01724BA24007A0A95 /* com.apple.QuickTime Plugin.plugin.sb in Copy Plug-in Sandbox Profiles */,
+ 7CB16FF11724BA26007A0A95 /* com.apple.WebKit.plugin-common.sb in Copy Plug-in Sandbox Profiles */,
7CB16FF21724BA28007A0A95 /* com.macromedia.Flash Player.plugin.sb in Copy Plug-in Sandbox Profiles */,
7CB16FF31724BA2F007A0A95 /* com.microsoft.SilverlightPlugin.sb in Copy Plug-in Sandbox Profiles */,
7CB16FF41724BA30007A0A95 /* com.oracle.java.JavaAppletPlugin.sb in Copy Plug-in Sandbox Profiles */,
@@ -3180,7 +3182,6 @@
75A8D2D4187D1C0100C39C9E /* WKWebsiteDataStoreInternal.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKWebsiteDataStoreInternal.h; sourceTree = "<group>"; };
762B7481120BBA0100819339 /* FontSmoothingLevel.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FontSmoothingLevel.h; sourceTree = "<group>"; };
762B7484120BBA2D00819339 /* WKPreferencesRefPrivate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WKPreferencesRefPrivate.h; sourceTree = "<group>"; };
- 7A1506721DD56298001F4B58 /* com.apple.WebKit.plugin-common.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "com.apple.WebKit.plugin-common.sb"; sourceTree = "<group>"; };
7A5E39491D5BD8A700B4B7CE /* com.macromedia.Flash Player ESR.plugin.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "com.macromedia.Flash Player ESR.plugin.sb"; sourceTree = "<group>"; };
7A791EF81C7CFB1000C4C52B /* WebResourceLoadStatisticsStoreMessages.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WebResourceLoadStatisticsStoreMessages.h; sourceTree = "<group>"; };
7A791EF91C7CFB3700C4C52B /* WebResourceLoadStatisticsStoreMessageReceiver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebResourceLoadStatisticsStoreMessageReceiver.cpp; sourceTree = "<group>"; };
@@ -3258,7 +3259,7 @@
7CAB93791D459E4B0070F540 /* NetworkCacheCodersCocoa.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = NetworkCacheCodersCocoa.cpp; sourceTree = "<group>"; };
7CB16FE21724B9B5007A0A95 /* com.apple.ist.ds.appleconnect.webplugin.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.apple.ist.ds.appleconnect.webplugin.sb; sourceTree = "<group>"; };
7CB16FE31724B9B5007A0A95 /* com.apple.QuickTime Plugin.plugin.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "com.apple.QuickTime Plugin.plugin.sb"; sourceTree = "<group>"; };
- 7CB16FE41724B9B5007A0A95 /* com.apple.WebKit.plugin-common.sb.in */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = "com.apple.WebKit.plugin-common.sb.in"; sourceTree = "<group>"; };
+ 7CB16FE41724B9B5007A0A95 /* com.apple.WebKit.plugin-common.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "com.apple.WebKit.plugin-common.sb"; sourceTree = "<group>"; };
7CB16FE51724B9B5007A0A95 /* com.macromedia.Flash Player.plugin.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = "com.macromedia.Flash Player.plugin.sb"; sourceTree = "<group>"; };
7CB16FE61724B9B5007A0A95 /* com.microsoft.SilverlightPlugin.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.microsoft.SilverlightPlugin.sb; sourceTree = "<group>"; };
7CB16FE71724B9B5007A0A95 /* com.oracle.java.JavaAppletPlugin.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.oracle.java.JavaAppletPlugin.sb; sourceTree = "<group>"; };
@@ -4286,7 +4287,6 @@
1A0EC7FD124BD402007EF4A5 /* mac */ = {
isa = PBXGroup;
children = (
- 7CB16FE41724B9B5007A0A95 /* com.apple.WebKit.plugin-common.sb.in */,
1A2D91A51281D739001EB962 /* PluginControllerProxyMac.mm */,
1AA4792212A59FD9008236C3 /* PluginProcessMac.mm */,
1AC25F8912A48E0300BD2671 /* PluginProcessShim.h */,
@@ -5870,6 +5870,7 @@
E19BDA8419365F4B00B97F57 /* com.apple.appstore.CodeRedeemerNetscapePlugin.sb */,
7CB16FE21724B9B5007A0A95 /* com.apple.ist.ds.appleconnect.webplugin.sb */,
7CB16FE31724B9B5007A0A95 /* com.apple.QuickTime Plugin.plugin.sb */,
+ 7CB16FE41724B9B5007A0A95 /* com.apple.WebKit.plugin-common.sb */,
7A5E39491D5BD8A700B4B7CE /* com.macromedia.Flash Player ESR.plugin.sb */,
7CB16FE51724B9B5007A0A95 /* com.macromedia.Flash Player.plugin.sb */,
7CB16FE61724B9B5007A0A95 /* com.microsoft.SilverlightPlugin.sb */,
@@ -7144,7 +7145,6 @@
51FAEC371B0657310009C4E7 /* ChildProcessMessages.h */,
E115C715190F8A2500ECC516 /* com.apple.WebKit.Databases.sb */,
E17AE2C216B9C63A001C42F1 /* com.apple.WebKit.NetworkProcess.sb */,
- 7A1506721DD56298001F4B58 /* com.apple.WebKit.plugin-common.sb */,
E1967E37150AB5E200C73169 /* com.apple.WebProcess.sb */,
2984F586164BA095004BC0C6 /* CustomProtocolManagerMessageReceiver.cpp */,
2984F587164BA095004BC0C6 /* CustomProtocolManagerMessages.h */,
Modified: tags/Safari-603.1.13.1/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in (209055 => 209056)
--- tags/Safari-603.1.13.1/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2016-11-29 02:20:20 UTC (rev 209055)
+++ tags/Safari-603.1.13.1/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2016-11-29 02:24:19 UTC (rev 209056)
@@ -1,4 +1,4 @@
-; Copyright (C) 2010-2016 Apple Inc. All rights reserved.
+; Copyright (C) 2010, 2011, 2012, 2013, 2014 Apple Inc. All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, are permitted provided that the following conditions
@@ -167,9 +167,7 @@
(global-name "com.apple.DiskArbitration.diskarbitrationd")
(global-name "com.apple.FileCoordination")
(global-name "com.apple.FontObjectsServer")
-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101200
(global-name "com.apple.FontServer")
-#endif
(global-name "com.apple.SystemConfiguration.configd")
(global-name "com.apple.SystemConfiguration.PPPController")
(global-name "com.apple.audio.SystemSoundServer-OSX")
