Title: [202389] trunk/Source/WebKit2
- Revision
- 202389
- Author
- [email protected]
- Date
- 2016-06-23 12:16:42 -0700 (Thu, 23 Jun 2016)
Log Message
[OS X][WK2] Expand sandbox for new mach endpoints
https://bugs.webkit.org/show_bug.cgi?id=159040
<rdar://problem/25238336>
Reviewed by Alexey Proskuryakov.
Grant the WebContent and Networking processes the mach lookup capability for
various Security-related mach endpoints..
* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (202388 => 202389)
--- trunk/Source/WebKit2/ChangeLog 2016-06-23 19:12:19 UTC (rev 202388)
+++ trunk/Source/WebKit2/ChangeLog 2016-06-23 19:16:42 UTC (rev 202389)
@@ -1,3 +1,17 @@
+2016-06-23 Brent Fulgham <[email protected]>
+
+ [OS X][WK2] Expand sandbox for new mach endpoints
+ https://bugs.webkit.org/show_bug.cgi?id=159040
+ <rdar://problem/25238336>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Grant the WebContent and Networking processes the mach lookup capability for
+ various Security-related mach endpoints..
+
+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2016-06-23 Commit Queue <[email protected]>
Unreviewed, rolling out r201194.
Modified: trunk/Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (202388 => 202389)
--- trunk/Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2016-06-23 19:12:19 UTC (rev 202388)
+++ trunk/Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2016-06-23 19:16:42 UTC (rev 202389)
@@ -1,4 +1,4 @@
-; Copyright (C) 2013, 2014 Apple Inc. All rights reserved.
+; Copyright (C) 2013-2016 Apple Inc. All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, are permitted provided that the following conditions
@@ -103,7 +103,10 @@
;; Security framework
(allow mach-lookup
+ (global-name "com.apple.ctkd.token-client")
(global-name "com.apple.ocspd")
+ (global-name "com.apple.securityd.xpc")
+ (global-name "com.apple.CoreAuthentication.agent.libxpc")
(global-name "com.apple.SecurityServer"))
(allow file-read* file-write* (home-subpath "/Library/Keychains")) ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
(allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
Modified: trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in (202388 => 202389)
--- trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2016-06-23 19:12:19 UTC (rev 202388)
+++ trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2016-06-23 19:16:42 UTC (rev 202389)
@@ -204,7 +204,10 @@
;; Security framework
(allow mach-lookup
+ (global-name "com.apple.ctkd.token-client")
(global-name "com.apple.ocspd")
+ (global-name "com.apple.securityd.xpc")
+ (global-name "com.apple.CoreAuthentication.agent.libxpc")
(global-name "com.apple.SecurityServer"))
(allow file-read* file-write* (home-subpath "/Library/Keychains")) ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
(allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
