Skip to site navigation (Press enter)

[webkit-changes] [228341] trunk/Source/WebKit

bfulgham Fri, 09 Feb 2018 15:57:35 -0800

Title: [228341] trunk/Source/WebKit

Revision: 228341
Author: bfulg...@apple.com
Date: 2018-02-09 15:56:41 -0800 (Fri, 09 Feb 2018)

Log Message

Sandbox violating attempting to read log formatting preference file
https://bugs.webkit.org/show_bug.cgi?id=182648
<rdar://problem/36629495>


Reviewed by Eric Carlson.

Various frameworks attempt to read logging format information from /usr/local/lib/log. The sandbox is blocking
this, generating log spam and preventing some logging features from working properly. We should allow read
access to this path.

* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
* WebProcess/com.apple.WebProcess.sb.in:

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

Diff

Modified: trunk/Source/WebKit/ChangeLog (228340 => 228341)


--- trunk/Source/WebKit/ChangeLog	2018-02-09 23:41:34 UTC (rev 228340)
+++ trunk/Source/WebKit/ChangeLog	2018-02-09 23:56:41 UTC (rev 228341)
@@ -1,3 +1,20 @@
+2018-02-09  Brent Fulgham  <bfulg...@apple.com>
+
+        Sandbox violating attempting to read log formatting preference file
+        https://bugs.webkit.org/show_bug.cgi?id=182648
+        <rdar://problem/36629495>
+
+        Reviewed by Eric Carlson.
+
+        Various frameworks attempt to read logging format information from /usr/local/lib/log. The sandbox is blocking
+        this, generating log spam and preventing some logging features from working properly. We should allow read
+        access to this path.
+
+        * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2018-02-08  Chris Dumez  <cdu...@apple.com>
 
         There should be a way to disable [OverrideBuiltins] behavior in a given DOMWrapperWorld

Modified: trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (228340 => 228341)


--- trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in	2018-02-09 23:41:34 UTC (rev 228340)
+++ trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in	2018-02-09 23:56:41 UTC (rev 228341)
@@ -110,6 +110,10 @@
     (subpath (param "WEBKIT2_FRAMEWORK_DIR")))
 (allow system-fsctl (fsctl-command (_IO "h" 47)))
 
+(allow file-read-data
+    (literal "/usr/local/lib/log") ; <rdar://problem/36629495>
+)
+
 ;; Sandbox extensions
 (define (apply-read-and-issue-extension op path-filter)
     (op file-read* path-filter)

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (228340 => 228341)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2018-02-09 23:41:34 UTC (rev 228340)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2018-02-09 23:56:41 UTC (rev 228341)
@@ -66,6 +66,10 @@
 (allow-well-known-system-group-container-subpath-read
     "/systemgroup.com.apple.nsurlstoragedresources/Library/dafsaData.bin")
 
+(allow file-read-data
+    (literal "/usr/local/lib/log") ; <rdar://problem/36629495>
+)
+
 ;; Security framework
 (allow mach-lookup
     (global-name "com.apple.ocspd")

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (228340 => 228341)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2018-02-09 23:41:34 UTC (rev 228340)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2018-02-09 23:56:41 UTC (rev 228341)
@@ -370,6 +370,10 @@
 ;; Allow ManagedPreference access
 (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
 
+(allow file-read-data
+    (literal "/usr/local/lib/log") ; <rdar://problem/36629495>
+)
+
 ;; Allow mediaserverd to issue file extensions for the purposes of reading media
 (allow file-issue-extension (require-all
     (extension "com.apple.app-sandbox.read")

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (228340 => 228341)


--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2018-02-09 23:41:34 UTC (rev 228340)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2018-02-09 23:56:41 UTC (rev 228341)
@@ -439,6 +439,7 @@
     (home-subpath "/Library/Dictionaries"))
 
 (allow file-read-data
+    (literal "/usr/local/lib/log") ; <rdar://problem/36629495>
     ;; Needed for AES3 support
     (subpath "/Library/Audio/Plug-Ins/Components"))

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes