[webkit-changes] [292023] branches/safari-614.1.8-branch/Source/WebKit

[repstein]

Title: [292023] branches/safari-614.1.8-branch/Source/WebKit

Revision

292023

Author

repst...@apple.com

Date

2022-03-28 21:33:07 -0700 (Mon, 28 Mar 2022)

Log Message

Cherry-pick r291982. rdar://problem/90927474

    [iOS] Fix sandbox violation related to Network content filtering
    https://bugs.webkit.org/show_bug.cgi?id=238458
    <rdar://90927474>

    Reviewed by Brent Fulgham.

    After enabling Network content filtering in the Network process, a related sandbox rule should
    be moved to the Network process' sandbox.

    * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in:
    * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@291982 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

• branches/safari-614.1.8-branch/Source/WebKit/ChangeLog
• branches/safari-614.1.8-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in
• branches/safari-614.1.8-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in

Diff

Modified: branches/safari-614.1.8-branch/Source/WebKit/ChangeLog (292022 => 292023)

--- branches/safari-614.1.8-branch/Source/WebKit/ChangeLog	2022-03-29 03:35:40 UTC (rev 292022)
+++ branches/safari-614.1.8-branch/Source/WebKit/ChangeLog	2022-03-29 04:33:07 UTC (rev 292023)
@@ -1,5 +1,38 @@
 2022-03-28  Russell Epstein  <repst...@apple.com>
 
+        Cherry-pick r291982. rdar://problem/90927474
+
+    [iOS] Fix sandbox violation related to Network content filtering
+    https://bugs.webkit.org/show_bug.cgi?id=238458
+    <rdar://90927474>
+    
+    Reviewed by Brent Fulgham.
+    
+    After enabling Network content filtering in the Network process, a related sandbox rule should
+    be moved to the Network process' sandbox.
+    
+    * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in:
+    * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@291982 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2022-03-28  Per Arne Vollan  <pvol...@apple.com>
+
+            [iOS] Fix sandbox violation related to Network content filtering
+            https://bugs.webkit.org/show_bug.cgi?id=238458
+            <rdar://90927474>
+
+            Reviewed by Brent Fulgham.
+
+            After enabling Network content filtering in the Network process, a related sandbox rule should
+            be moved to the Network process' sandbox.
+
+            * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in:
+            * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+
+2022-03-28  Russell Epstein  <repst...@apple.com>
+
         Cherry-pick r292007. rdar://problem/90602918
 
     [macOS] Add `WKWebView` API to control CSS "small viewport" `sv*` and "large viewport" `lv*` units

Modified: branches/safari-614.1.8-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in (292022 => 292023)

--- branches/safari-614.1.8-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in	2022-03-29 03:35:40 UTC (rev 292022)
+++ branches/safari-614.1.8-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb.in	2022-03-29 04:33:07 UTC (rev 292023)
@@ -138,6 +138,10 @@
         (prefix "/private/var/db/com.apple.networkextension.")
     )
 
+#if ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
+    (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
+#endif
+
     (allow mach-lookup
            (global-name "com.apple.AppSSO.service-xpc"))
     (deny ipc-posix-shm-read-data 

Modified: branches/safari-614.1.8-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (292022 => 292023)

--- branches/safari-614.1.8-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2022-03-29 03:35:40 UTC (rev 292022)
+++ branches/safari-614.1.8-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2022-03-29 04:33:07 UTC (rev 292023)
@@ -1016,8 +1016,10 @@
 ;; Allow loading injected bundles.
 (allow file-map-executable)
 
+#if !ENABLE(CONTENT_FILTERING_IN_NETWORKING_PROCESS)
 ;; Allow ManagedPreference access
 (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
+#endif
 
 (allow file-read-data
     (literal "/usr/local/lib/log") ; <rdar://problem/36629495>

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes