Title: [245246] trunk/Source/WebKit
- Revision: 245246
- Author: bfulg...@apple.com
- Date: 2019-05-13 12:53:44 -0700 (Mon, 13 May 2019)
Log Message
Correct the sandbox to allow loading libraries from /Library/Apple
https://bugs.webkit.org/show_bug.cgi?id=197844
Reviewed by Per Arne Vollan.
Grant access to '/Library/Apple' as an appropriate place to load
system frameworks.
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (245245 => 245246)
--- trunk/Source/WebKit/ChangeLog 2019-05-13 19:40:01 UTC (rev 245245)
+++ trunk/Source/WebKit/ChangeLog 2019-05-13 19:53:44 UTC (rev 245246)
@@ -1,3 +1,15 @@
+2019-05-13 Brent Fulgham <bfulg...@apple.com>
+
+ Correct the sandbox to allow loading libraries from /Library/Apple
+ https://bugs.webkit.org/show_bug.cgi?id=197844
+
+ Reviewed by Per Arne Vollan.
+
+ Grant access to '/Library/Apple' as an appropriate place to load
+ system frameworks.
+
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2019-05-13 Chris Dumez <cdu...@apple.com>
Unreviewed, rolling out r245240.
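Review bot: The new ChangeLog entry says access is granted to '/Library/Apple', but the profile change in this revision only adds "/Library/Apple/System", and the entry does not mention the new file-map-executable rule at all. Suggest naming the actual subpath in the description and adding a line under "* WebProcess/com.apple.WebProcess.sb.in:" that records the new executable-mapping allowance, since a reader of the ChangeLog alone would not know the mapping policy changed.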
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (245245 => 245246)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2019-05-13 19:40:01 UTC (rev 245245)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2019-05-13 19:53:44 UTC (rev 245246)
@@ -40,6 +40,7 @@
(allow file-read*
(require-all (file-mode #o0004)
(require-any (subpath "/Library/Filesystems/NetFSPlugins")
+ (subpath "/Library/Apple/System")
(subpath "/Library/Preferences/Logging") ; Logging Rethink
(subpath "/System")
(subpath "/private/var/db/dyld")
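Review bot: The added (subpath "/Library/Apple/System") entry in the file-read* list carries no comment, unlike the Logging line directly below it. Read access here covers the whole tree, while the mapping rule added later in this file is limited to its Library/Frameworks and Library/PrivateFrameworks directories. A short trailing comment saying why the full subtree must be readable, or narrowing the entry to the framework directories, would make the intended scope explicit.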
@@ -53,6 +54,15 @@
(subpath "/AppleInternal/Library/Preferences/Logging")
(system-attribute apple-internal)))
+;;; Allow mapping of system frameworks + dylibs
+(allow file-map-executable
+ (subpath "/Library/Apple/System/Library/Frameworks")
+ (subpath "/Library/Apple/System/Library/PrivateFrameworks")
+ (subpath "/System/Library/Frameworks")
+ (subpath "/System/Library/PrivateFrameworks")
+ (subpath "/usr/lib")
+ (literal "/usr/local/lib/sanitizers"))
+
(allow file-read-metadata
(literal "/etc")
(literal "/tmp")
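Review bot: In the new file-map-executable rule, (literal "/usr/local/lib/sanitizers") matches only that exact path, not the files beneath it, unlike the subpath filters used for the other five entries. If the intent is to allow mapping libraries located in that directory, this should be (subpath "/usr/local/lib/sanitizers"); if the literal is deliberate, a comment explaining it would help the next reader of the profile.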
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes