Title: [227908] trunk/Tools
Revision
227908
Author
[email protected]
Date
2018-01-31 11:13:31 -0800 (Wed, 31 Jan 2018)

Log Message

[macOS] MiniBrowser isn’t app-sandboxed
https://bugs.webkit.org/show_bug.cgi?id=182147

Reviewed by Sam Weinig.

Enable App Sandbox and add a temporary exception allowing read access to all files.

* MiniBrowser/Configurations/Base.xcconfig: Enabled ad-hoc code signing.
* MiniBrowser/Configurations/MiniBrowser.xcconfig: Specified the entitlements file to use.
* MiniBrowser/MiniBrowser.entitlements: Added. Enables App Sandbox with outbound networking
  and read access from /.
* MiniBrowser/MiniBrowser.xcodeproj/project.pbxproj: Added reference to new file.

Modified Paths

Added Paths

Diff

Modified: trunk/Tools/ChangeLog (227907 => 227908)


--- trunk/Tools/ChangeLog	2018-01-31 19:10:36 UTC (rev 227907)
+++ trunk/Tools/ChangeLog	2018-01-31 19:13:31 UTC (rev 227908)
@@ -1,3 +1,18 @@
+2018-01-31  Dan Bernstein  <[email protected]>
+
+        [macOS] MiniBrowser isn’t app-sandboxed
+        https://bugs.webkit.org/show_bug.cgi?id=182147
+
+        Reviewed by Sam Weinig.
+
+        Enable App Sandbox and add a temporary exception allowing read access to all files.
+
+        * MiniBrowser/Configurations/Base.xcconfig: Enabled ad-hoc code signing.
+        * MiniBrowser/Configurations/MiniBrowser.xcconfig: Specified the entitlements file to use.
+        * MiniBrowser/MiniBrowser.entitlements: Added. Enables App Sandbox with outbound networking
+          and read access from /.
+        * MiniBrowser/MiniBrowser.xcodeproj/project.pbxproj: Added reference to new file.
+
 2018-01-31  Philippe Normand  <[email protected]>
 
         [JHBuild] Add gstreamer-vaapi in moduleset

Modified: trunk/Tools/MiniBrowser/Configurations/Base.xcconfig (227907 => 227908)


--- trunk/Tools/MiniBrowser/Configurations/Base.xcconfig	2018-01-31 19:10:36 UTC (rev 227907)
+++ trunk/Tools/MiniBrowser/Configurations/Base.xcconfig	2018-01-31 19:13:31 UTC (rev 227908)
@@ -75,3 +75,5 @@
 OTHER_CFLAGS = $(ASAN_OTHER_CFLAGS);
 OTHER_CPLUSPLUSFLAGS = $(ASAN_OTHER_CPLUSPLUSFLAGS);
 OTHER_LDFLAGS = $(ASAN_OTHER_LDFLAGS);
+
+CODE_SIGN_IDENTITY = -;
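Review bot: `CODE_SIGN_IDENTITY = -;` is added with no comment, so Base.xcconfig does not say why signing is switched on or that the choice of ad-hoc signing is deliberate. Entitlements travel in the code signature, so this line is what makes the App Sandbox setting in MiniBrowser.entitlements take effect. I would add a comment above it, for example `// Ad-hoc sign so the entitlements (App Sandbox) are embedded in the binary; no signing identity is involved.`. Because the setting is in the base configuration, it presumably applies to every target that includes this file, which is worth confirming is intended.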

Modified: trunk/Tools/MiniBrowser/Configurations/MiniBrowser.xcconfig (227907 => 227908)


--- trunk/Tools/MiniBrowser/Configurations/MiniBrowser.xcconfig	2018-01-31 19:10:36 UTC (rev 227907)
+++ trunk/Tools/MiniBrowser/Configurations/MiniBrowser.xcconfig	2018-01-31 19:13:31 UTC (rev 227908)
@@ -22,6 +22,7 @@
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
 
 PRODUCT_NAME = MiniBrowser
+CODE_SIGN_ENTITLEMENTS = MiniBrowser.entitlements;
 PRODUCT_BUNDLE_IDENTIFIER = org.webkit.$(PRODUCT_NAME:rfc1034identifier)
 GCC_PREFIX_HEADER = mac/MiniBrowser_Prefix.pch
 INFOPLIST_FILE = mac/Info.plist

Added: trunk/Tools/MiniBrowser/MiniBrowser.entitlements (0 => 227908)


--- trunk/Tools/MiniBrowser/MiniBrowser.entitlements	                        (rev 0)
+++ trunk/Tools/MiniBrowser/MiniBrowser.entitlements	2018-01-31 19:13:31 UTC (rev 227908)
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>com.apple.security.app-sandbox</key>
+	<true/>
+	<key>com.apple.security.network.client</key>
+	<true/>
+	<key>com.apple.security.temporary-exception.files.absolute-path.read-only</key>
+	<string>/</string>
+</dict>
+</plist>
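Review bot: The `com.apple.security.temporary-exception.files.absolute-path.read-only` entry for `/` lets the sandboxed process read every file the user can read. Together with `com.apple.security.network.client`, that means the sandbox puts no limit on what a compromised MiniBrowser process could read and send out. The log message calls the exception temporary, but the file itself does not record that. I would add a comment above the key such as `<!-- FIXME: Temporary. Narrow read access from / to specific paths or com.apple.security.files.user-selected.read-only (<follow-up bug URL>). -->`. Apple's entitlement reference, as far as I recall, describes the value of this key as an array of strings, so it is worth confirming that a bare `<string>` is honoured as intended.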

Modified: trunk/Tools/MiniBrowser/MiniBrowser.xcodeproj/project.pbxproj (227907 => 227908)


--- trunk/Tools/MiniBrowser/MiniBrowser.xcodeproj/project.pbxproj	2018-01-31 19:10:36 UTC (rev 227907)
+++ trunk/Tools/MiniBrowser/MiniBrowser.xcodeproj/project.pbxproj	2018-01-31 19:13:31 UTC (rev 227908)
@@ -67,6 +67,7 @@
 		29B97325FDCFA39411CA2CEA /* Foundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Foundation.framework; path = /System/Library/Frameworks/Foundation.framework; sourceTree = "<absolute>"; };
 		2DC37341198B62D300EC33E9 /* SettingsController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = SettingsController.h; path = mac/SettingsController.h; sourceTree = "<group>"; };
 		2DC37342198B62D300EC33E9 /* SettingsController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = SettingsController.m; path = mac/SettingsController.m; sourceTree = "<group>"; };
+		37BAF90620218053000EA879 /* MiniBrowser.entitlements */ = {isa = PBXFileReference; lastKnownFileType = text.plist.entitlements; path = MiniBrowser.entitlements; sourceTree = "<group>"; };
 		51E244F811EFCE07008228D1 /* MBToolbarItem.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MBToolbarItem.h; sourceTree = "<group>"; };
 		51E244F911EFCE07008228D1 /* MBToolbarItem.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MBToolbarItem.m; sourceTree = "<group>"; };
 		7CA3793F1AC381C10079DC37 /* ExtensionManagerWindowController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ExtensionManagerWindowController.h; path = mac/ExtensionManagerWindowController.h; sourceTree = "<group>"; };
@@ -116,6 +117,7 @@
 				BC329486116A92E2008635D0 /* main.m */,
 				51E244F811EFCE07008228D1 /* MBToolbarItem.h */,
 				51E244F911EFCE07008228D1 /* MBToolbarItem.m */,
+				37BAF90620218053000EA879 /* MiniBrowser.entitlements */,
 				2DC37341198B62D300EC33E9 /* SettingsController.h */,
 				2DC37342198B62D300EC33E9 /* SettingsController.m */,
 				0FE643A2161FAC660059E3FF /* WK1BrowserWindowController.h */,