Title: [209806] trunk/Source/WebKit2
- Revision: 209806
- Author: [email protected]
- Date: 2016-12-14 09:17:41 -0800 (Wed, 14 Dec 2016)
Log Message
Unreviewed test fix after r209779.
The 'Keygen' element requires the ability to create new keys in '$HOME/Library/Keychains'. Remove the
WebProcess and Plugin sandbox restrictions on per-user Keychain creation to support this use.
* PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:
* WebProcess/com.apple.WebProcess.sb.in:
Diff
Modified: trunk/Source/WebKit2/ChangeLog (209805 => 209806)
--- trunk/Source/WebKit2/ChangeLog 2016-12-14 16:34:48 UTC (rev 209805)
+++ trunk/Source/WebKit2/ChangeLog 2016-12-14 17:17:41 UTC (rev 209806)
@@ -1,3 +1,13 @@
+2016-12-14 Brent Fulgham <[email protected]>
+
+ Unreviewed test fix after r209779.
+
+ The 'Keygen' element requires the ability to create new keys in '$HOME/Library/Keychains'. Remove the
+ WebProcess and Plugin sandbox restrictions on per-user Keychain creation to support this use.
+
+ * PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2016-12-13 Yusuke Suzuki <[email protected]>
Use JSValue::toWTFString instead of calling toString(exec) and value(exec)
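Review bot: The entry labels this an "Unreviewed test fix", but what it records is a relaxation of the WebProcess and Plugin sandbox profiles around the per-user keychain directory, which is a policy change rather than a test-only one. The entry should name the test that failed after r209779 and reference a bug for a reviewed follow-up, so the relaxation can be revisited.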
Modified: trunk/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in (209805 => 209806)
--- trunk/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in 2016-12-14 16:34:48 UTC (rev 209805)
+++ trunk/Source/WebKit2/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in 2016-12-14 17:17:41 UTC (rev 209806)
@@ -194,9 +194,12 @@
;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
;; Restrict AppSandboxed processes from creating /Library/Keychains, but allow access to the contents of /Library/Keychains:
(allow file-read-data file-read-metadata file-write-data
- (subpath "/Library/Keychains")
- (home-library-subpath "/Keychains"))
+ (subpath "/Library/Keychains"))
+;; Do permit creating per-user keychains
+(allow file-read* file-write*
+ (home-subpath "/Library/Keychains"))
+
;; Except deny access to new-style iOS Keychain folders which are UUIDs.
(deny file-read* file-write*
(regex (string-append "/Library/Keychains/" (uuid-regex-string) "(/|$)"))
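Review bot: The added rule `(allow file-read* file-write* (home-subpath "/Library/Keychains"))` grants more than its comment's stated purpose of creating per-user keychains. The removed line gave the home keychain path only `file-read-data file-read-metadata file-write-data`; the wildcard forms add every other read and write operation on that subtree, including unlink and attribute changes. Consider keeping the original three operations and adding only `file-write-create`, widening further only if the Keygen tests show that a specific operation is still denied.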
Modified: trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in (209805 => 209806)
--- trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2016-12-14 16:34:48 UTC (rev 209805)
+++ trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2016-12-14 17:17:41 UTC (rev 209806)
@@ -250,7 +250,10 @@
;; FIXME: This should be removed when <rdar://problem/10479685> is fixed.
;; Restrict AppSandboxed processes from creating /Library/Keychains, but allow access to the contents of /Library/Keychains:
(allow file-read-data file-read-metadata file-write-data
- (subpath "/Library/Keychains")
+ (subpath "/Library/Keychains"))
+
+;; Do permit creating per-user keychains
+(allow file-read* file-write*
(home-subpath "/Library/Keychains"))
;; Except deny access to new-style iOS Keychain folders which are UUIDs.
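Review bot: The comment `;; Do permit creating per-user keychains` understates the rule beneath it and gives no reason for it. In this profile the per-user path moves from the three-operation allow to `file-read* file-write*`, yet nothing in the file ties that to the Keygen requirement named in the log message or marks it for later tightening, unlike the FIXME with a radar reference at the top of this hunk. Suggest expanding the comment to name Keygen and the full scope granted, and adding a FIXME with a tracking bug.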
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes