[webkit-changes] [292171] trunk/Source/WebKit

[achristensen]

Title: [292171] trunk/Source/WebKit

Revision

292171

Author

achristen...@apple.com

Date

2022-03-31 13:55:12 -0700 (Thu, 31 Mar 2022)

Log Message

Expand adattributiond sandbox slightly to avoid sandbox crashes
https://bugs.webkit.org/show_bug.cgi?id=238609
<rdar://91073280>

Reviewed by Per Arne Vollan.

* Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb.in:

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb.in

Diff

Modified: trunk/Source/WebKit/ChangeLog (292170 => 292171)

--- trunk/Source/WebKit/ChangeLog	2022-03-31 20:43:03 UTC (rev 292170)
+++ trunk/Source/WebKit/ChangeLog	2022-03-31 20:55:12 UTC (rev 292171)
@@ -1,3 +1,13 @@
+2022-03-31  Alex Christensen  <achristen...@webkit.org>
+
+        Expand adattributiond sandbox slightly to avoid sandbox crashes
+        https://bugs.webkit.org/show_bug.cgi?id=238609
+        <rdar://91073280>
+
+        Reviewed by Per Arne Vollan.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb.in:
+
 2022-03-31  Fujii Hironori  <hironori.fu...@sony.com>
 
         [WinCairo][WK2] fast/events/wheel/wheelevent-basic.html is timing out

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb.in (292170 => 292171)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb.in	2022-03-31 20:43:03 UTC (rev 292170)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.adattributiond.sb.in	2022-03-31 20:55:12 UTC (rev 292171)
@@ -91,6 +91,8 @@
 (allow sysctl-read
     (sysctl-name
         "hw.activecpu"
+        "hw.osenvironment"
+        "hw.target"
         "hw.machine"
         "hw.memsize"
         "hw.ncpu"
@@ -109,6 +111,14 @@
     (sysctl-name-prefix "kern.proc.pid.")
 )
 
+(with-filter (system-attribute apple-internal)
+    (allow sysctl-read sysctl-write
+        (sysctl-name
+            "vm.footprint_suspend"
+        )
+    )
+)
+
 (allow-read-write-directory-contents (param "DARWIN_USER_CACHE_DIR"))
 (allow-read-write-directory-contents (param "DARWIN_USER_TEMP_DIR"))
 
@@ -135,6 +145,10 @@
 (allow file-read*
        (literal "/private/var/preferences/com.apple.networkd.plist"))
 
+;; Note this does not allow subpaths of "/"
+(allow file-read* file-test-existence
+       (literal "/"))
+
 (allow file-read-data
     (literal "/System/Library/CoreServices/SystemVersion.plist")
     (literal "/usr/lib/log")

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes