Title: [291982] trunk/Source/WebKit
- Revision
- 291982
- Author
- pvol...@apple.com
- Date
- 2022-03-28 12:33:54 -0700 (Mon, 28 Mar 2022)
Log Message
[iOS] Fix sandbox violation related to Network content filtering
https://bugs.webkit.org/show_bug.cgi?id=238458
<rdar://90927474>
Reviewed by Brent Fulgham.
After enabling Network content filtering in the Network process, a related sandbox rule should
be moved to the Network process' sandbox.
* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (291981 => 291982)
--- trunk/Source/WebKit/ChangeLog 2022-03-28 18:45:53 UTC (rev 291981)
+++ trunk/Source/WebKit/ChangeLog 2022-03-28 19:33:54 UTC (rev 291982)
@@ -1,3 +1,17 @@
+2022-03-28 Per Arne Vollan <pvol...@apple.com>
+
+ [iOS] Fix sandbox violation related to Network content filtering
+ https://bugs.webkit.org/show_bug.cgi?id=238458
+ <rdar://90927474>
+
+ Reviewed by Brent Fulgham.
+
+ After enabling Network content filtering in the Network process, a related sandbox rule should
+ be moved to the Network process' sandbox.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+
2022-03-28 Devin Rousso <drou...@apple.com>
[iOS] Add `WKWebView` API to control CSS "small viewport" `sv*` and "large viewport" `lv*` units
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in (291981 => 291982)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in 2022-03-28 18:45:53 UTC (rev 291981)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in 2022-03-28 19:33:54 UTC (rev 291982)
@@ -138,6 +138,10 @@
(prefix "/private/var/db/com.apple.networkextension.")
)
+#if ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
+ (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
+#endif
+
(allow mach-lookup
(global-name "com.apple.AppSSO.service-xpc"))
(deny ipc-posix-shm-read-data
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (291981 => 291982)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2022-03-28 18:45:53 UTC (rev 291981)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2022-03-28 19:33:54 UTC (rev 291982)
@@ -1016,8 +1016,10 @@
;; Allow loading injected bundles.
(allow file-map-executable)
+#if !ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
;; Allow ManagedPreference access
(allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
+#endif
(allow file-read-data
(literal "/usr/local/lib/log") ; <rdar://problem/36629495>
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes