Title: [208702] trunk/Source/WebKit2
- Revision
- 208702
- Author
- [email protected]
- Date
- 2016-11-14 13:02:20 -0800 (Mon, 14 Nov 2016)
Log Message
Keychain access in WebKit should be limited to a single process. Earlier this was blocked on the networking framework requiring direct access to keychain, this will be resolved in the upcoming version of macOS.
https://bugs.webkit.org/show_bug.cgi?id=163710
<rdar://problem/24357468>
Reviewed by Darin Adler.
* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (208701 => 208702)
--- trunk/Source/WebKit2/ChangeLog 2016-11-14 20:57:27 UTC (rev 208701)
+++ trunk/Source/WebKit2/ChangeLog 2016-11-14 21:02:20 UTC (rev 208702)
@@ -1,3 +1,14 @@
+2016-11-14 Pranjal Jumde <[email protected]>
+
+ Keychain access in WebKit should be limited to a single process. Earlier this was blocked on the networking framework requiring direct access to keychain, this will be resolved in the upcoming version of macOS.
+ https://bugs.webkit.org/show_bug.cgi?id=163710
+ <rdar://problem/24357468>
+
+ Reviewed by Darin Adler.
+
+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2016-11-13 Darin Adler <[email protected]>
Remove many includes of ExceptionCode.h
Modified: trunk/Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (208701 => 208702)
--- trunk/Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2016-11-14 20:57:27 UTC (rev 208701)
+++ trunk/Source/WebKit2/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2016-11-14 21:02:20 UTC (rev 208702)
@@ -108,10 +108,17 @@
(global-name "com.apple.securityd.xpc")
(global-name "com.apple.CoreAuthentication.agent.libxpc")
(global-name "com.apple.SecurityServer"))
+
+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101200
(allow file-read* file-write* (home-subpath "/Library/Keychains")) ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
+#endif
+
(allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
+
(allow file-read*
+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101200
(subpath "/Library/Keychains")
+#endif
(subpath "/private/var/db/mds")
(literal "/private/var/db/DetachedSignatures")
(literal "/Library/Preferences/com.apple.crypto.plist")
@@ -121,6 +128,7 @@
(home-literal "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain")
(home-literal "/Library/Preferences/com.apple.security.plist")
(home-literal "/Library/Preferences/com.apple.security.revocation.plist"))
+
(allow ipc-posix-shm-read* ipc-posix-shm-write-data
(ipc-posix-name "com.apple.AppleDatabaseChanged"))
Modified: trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in (208701 => 208702)
--- trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2016-11-14 20:57:27 UTC (rev 208701)
+++ trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2016-11-14 21:02:20 UTC (rev 208702)
@@ -207,10 +207,17 @@
(global-name "com.apple.securityd.xpc")
(global-name "com.apple.CoreAuthentication.agent.libxpc")
(global-name "com.apple.SecurityServer"))
+
+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101200
(allow file-read* file-write* (home-subpath "/Library/Keychains")) ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
+#endif
+
(allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
+
(allow file-read*
+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101200
(subpath "/Library/Keychains")
+#endif
(subpath "/private/var/db/mds")
(literal "/private/var/db/DetachedSignatures")
(literal "/Library/Preferences/com.apple.crypto.plist")
@@ -220,6 +227,7 @@
(home-literal "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain")
(home-literal "/Library/Preferences/com.apple.security.plist")
(home-literal "/Library/Preferences/com.apple.security.revocation.plist"))
+
(allow ipc-posix-shm-read* ipc-posix-shm-write-data
(ipc-posix-name "com.apple.AppleDatabaseChanged"))
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
