Diff
Modified: trunk/Source/WebKit/ChangeLog (278951 => 278952)
--- trunk/Source/WebKit/ChangeLog 2021-06-16 19:58:32 UTC (rev 278951)
+++ trunk/Source/WebKit/ChangeLog 2021-06-16 20:12:00 UTC (rev 278952)
@@ -1,3 +1,23 @@
+2021-06-16 Brent Fulgham <bfulg...@apple.com>
+
+ Sandbox profiles need to allow loading from /usr/appleinternal/lib on internal builds
+ https://bugs.webkit.org/show_bug.cgi?id=227079
+ <rdar://problem/79390957>
+
+ Reviewed by Per Arne Vollan.
+
+ We allow the specific directory "/usr/appleinternal/lib/sanitizers", but we actually need
+ access to "/usr/appleinternal/lib" in certain development environments.
+
+ * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+ * WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2021-06-16 Alex Christensen <achristen...@webkit.org>
Clean up WebCookieManagerProxy
Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (278951 => 278952)
--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-06-16 19:58:32 UTC (rev 278951)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-06-16 20:12:00 UTC (rev 278952)
@@ -59,7 +59,8 @@
(subpath "/System/Library/Frameworks")
(subpath "/System/Library/PrivateFrameworks")
(subpath "/usr/lib")
- (subpath "/usr/appleinternal/lib/sanitizers"))
+ (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
+)
(allow file-read-metadata
(literal "/etc")
Modified: trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (278951 => 278952)
--- trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-06-16 19:58:32 UTC (rev 278951)
+++ trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-06-16 20:12:00 UTC (rev 278952)
@@ -46,7 +46,8 @@
(subpath "/System/Library/PrivateFrameworks")
(subpath "/usr/lib")
(subpath "/usr/local/lib/sanitizers") ;; FIXME(209820)
- (subpath "/usr/appleinternal/lib/sanitizers"))
+ (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
+)
(allow file-read-metadata
(literal "/etc")
@@ -89,7 +90,8 @@
(allow file-read*
(subpath "/usr/local/lib/sanitizers") ;; FIXME(209820)
- (subpath "/usr/appleinternal/lib/sanitizers"))
+ (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
+)
(allow file-write-create
(require-all (prefix "/cores/")
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (278951 => 278952)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-06-16 19:58:32 UTC (rev 278951)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-06-16 20:12:00 UTC (rev 278952)
@@ -315,10 +315,11 @@
(with-filter (system-attribute apple-internal)
;; <rdar://problem/8565035>
;; <rdar://problem/23857452>
+ ;; <rdar://problem/72317112>
(allow file-read* file-map-executable
(subpath "/AppleInternal")
(subpath "/usr/local/lib")
- (subpath "/usr/appleinternal/lib/sanitizers")))
+ (subpath "/usr/appleinternal/lib")))
(with-elevated-precedence
(allow file-read* file-map-executable file-issue-extension
(front-user-home-subpath "/XcodeBuiltProducts")))
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (278951 => 278952)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-06-16 19:58:32 UTC (rev 278951)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-06-16 20:12:00 UTC (rev 278952)
@@ -260,10 +260,11 @@
(with-filter (system-attribute apple-internal)
;; <rdar://problem/8565035>
;; <rdar://problem/23857452>
+ ;; <rdar://problem/72317112>
(allow file-read* file-map-executable
(subpath "/AppleInternal")
(subpath "/usr/local/lib")
- (subpath "/usr/appleinternal/lib/sanitizers")))
+ (subpath "/usr/appleinternal/lib")))
(with-elevated-precedence
(allow file-read* file-map-executable file-issue-extension
(front-user-home-subpath "/XcodeBuiltProducts")))
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb (278951 => 278952)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb 2021-06-16 19:58:32 UTC (rev 278951)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb 2021-06-16 20:12:00 UTC (rev 278952)
@@ -62,11 +62,12 @@
(with-filter (system-attribute apple-internal)
;; <rdar://problem/8565035>
;; <rdar://problem/23857452>
+ ;; <rdar://problem/72317112>
(allow file-read* file-map-executable
(subpath
"/AppleInternal"
"/usr/local/lib"
- "/usr/appleinternal/lib/sanitizers"
+ "/usr/appleinternal/lib"
)
)
)
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (278951 => 278952)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-06-16 19:58:32 UTC (rev 278951)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-06-16 20:12:00 UTC (rev 278952)
@@ -354,10 +354,11 @@
(with-filter (system-attribute apple-internal)
;; <rdar://problem/8565035>
;; <rdar://problem/23857452>
+ ;; <rdar://problem/72317112>
(allow file-read* file-map-executable
(subpath "/AppleInternal")
(subpath "/usr/local/lib")
- (subpath "/usr/appleinternal/lib/sanitizers")))
+ (subpath "/usr/appleinternal/lib")))
(with-elevated-precedence
(allow file-read* file-map-executable file-issue-extension
(front-user-home-subpath "/XcodeBuiltProducts")))
Modified: trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in (278951 => 278952)
--- trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in 2021-06-16 19:58:32 UTC (rev 278951)
+++ trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in 2021-06-16 20:12:00 UTC (rev 278952)
@@ -59,7 +59,8 @@
(subpath "/System/Library/Frameworks")
(subpath "/System/Library/PrivateFrameworks")
(subpath "/usr/lib")
- (subpath "/usr/appleinternal/lib/sanitizers"))
+ (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
+)
(allow file-read-metadata
(literal "/etc")
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (278951 => 278952)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-06-16 19:58:32 UTC (rev 278951)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-06-16 20:12:00 UTC (rev 278952)
@@ -67,8 +67,10 @@
(subpath "/System/Library/PrivateFrameworks")
(subpath "/usr/lib")
(subpath "/usr/local/lib/sanitizers") ;; FIXME(209820)
- (subpath "/usr/appleinternal/lib/sanitizers"))
+ (subpath "/usr/appleinternal/lib") ;; <rdar://problem/72317112>
+)
+
(allow file-read-metadata
(literal "/etc")
(literal "/tmp")
