[webkit-changes] [222984] trunk/Source/WebKit

[bfulgham]

Title: [222984] trunk/Source/WebKit

Revision

222984

Author

bfulg...@apple.com

Date

2017-10-06 09:40:53 -0700 (Fri, 06 Oct 2017)

Log Message

Sandbox rules block PluginProcess using "File Open/Save" dialogs
https://bugs.webkit.org/show_bug.cgi?id=177965
<rdar://problem/33976846>

Reviewed by Alexey Proskuryakov.

Update the PluginProcess sandboxes to allow the same XPC services as
the WebContent process. Also allow access to the openAndSavePanelServices.

* PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in:

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in

Diff

Modified: trunk/Source/WebKit/ChangeLog (222983 => 222984)

--- trunk/Source/WebKit/ChangeLog	2017-10-06 16:37:56 UTC (rev 222983)
+++ trunk/Source/WebKit/ChangeLog	2017-10-06 16:40:53 UTC (rev 222984)
@@ -1,3 +1,16 @@
+2017-10-06  Brent Fulgham  <bfulg...@apple.com>
+
+        Sandbox rules block PluginProcess using "File Open/Save" dialogs
+        https://bugs.webkit.org/show_bug.cgi?id=177965
+        <rdar://problem/33976846>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Update the PluginProcess sandboxes to allow the same XPC services as
+        the WebContent process. Also allow access to the openAndSavePanelServices.
+
+        * PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in: 
+
 2017-10-06  Brady Eidson  <beid...@apple.com>
 
         Add (entirely incorrect) fetching of ServiceWorker scripts.

Modified: trunk/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in (222983 => 222984)

--- trunk/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in	2017-10-06 16:37:56 UTC (rev 222983)
+++ trunk/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in	2017-10-06 16:40:53 UTC (rev 222984)
@@ -124,6 +124,17 @@
 
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300
 (deny mach-lookup (xpc-service-name-prefix ""))
+(allow mach-lookup
+    (xpc-service-name "com.apple.ViewBridgeAuxiliary")
+    (xpc-service-name "com.apple.accessibility.mediaaccessibilityd")
+    (xpc-service-name "com.apple.appkit.xpc.openAndSavePanelService")
+    (xpc-service-name "com.apple.audio.SandboxHelper")
+    (xpc-service-name "com.apple.coremedia.videodecoder")
+    (xpc-service-name "com.apple.coremedia.videoencoder")
+    (xpc-service-name-regex #"\.apple-extension-service$")
+    (xpc-service-name "com.apple.hiservices-xpcservice")
+    (xpc-service-name "com.apple.print.normalizerd")
+)
 #endif
 
 ;; Utility functions

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes