[webkit-changes] [291982] trunk/Source/WebKit

[pvollan]

Title: [291982] trunk/Source/WebKit

Revision

291982

Author

pvol...@apple.com

Date

2022-03-28 12:33:54 -0700 (Mon, 28 Mar 2022)

Log Message

[iOS] Fix sandbox violation related to Network content filtering
https://bugs.webkit.org/show_bug.cgi?id=238458
<rdar://90927474>

Reviewed by Brent Fulgham.

After enabling Network content filtering in the Network process, a related sandbox rule should
be moved to the Network process' sandbox.

* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in

Diff

Modified: trunk/Source/WebKit/ChangeLog (291981 => 291982)

--- trunk/Source/WebKit/ChangeLog	2022-03-28 18:45:53 UTC (rev 291981)
+++ trunk/Source/WebKit/ChangeLog	2022-03-28 19:33:54 UTC (rev 291982)
@@ -1,3 +1,17 @@
+2022-03-28  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Fix sandbox violation related to Network content filtering
+        https://bugs.webkit.org/show_bug.cgi?id=238458
+        <rdar://90927474>
+ 
+        Reviewed by Brent Fulgham.
+
+        After enabling Network content filtering in the Network process, a related sandbox rule should
+        be moved to the Network process' sandbox.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+
 2022-03-28  Devin Rousso  <drou...@apple.com>
 
         [iOS] Add `WKWebView` API to control CSS "small viewport" `sv*` and "large viewport" `lv*` units

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in (291981 => 291982)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in	2022-03-28 18:45:53 UTC (rev 291981)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in	2022-03-28 19:33:54 UTC (rev 291982)
@@ -138,6 +138,10 @@
         (prefix "/private/var/db/com.apple.networkextension.")
     )
 
+#if ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
+    (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
+#endif
+
     (allow mach-lookup
            (global-name "com.apple.AppSSO.service-xpc"))
     (deny ipc-posix-shm-read-data 

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (291981 => 291982)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2022-03-28 18:45:53 UTC (rev 291981)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2022-03-28 19:33:54 UTC (rev 291982)
@@ -1016,8 +1016,10 @@
 ;; Allow loading injected bundles.
 (allow file-map-executable)
 
+#if !ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
 ;; Allow ManagedPreference access
 (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
+#endif
 
 (allow file-read-data
     (literal "/usr/local/lib/log") ; <rdar://problem/36629495>

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes