Skip to site navigation (Press enter)

[webkit-changes] [229345] tags/Safari-606.1.7/Source/WebKit

kocsen_chung Tue, 06 Mar 2018 15:20:17 -0800

Title: [229345] tags/Safari-606.1.7/Source/WebKit

Revision: 229345
Author: kocsen_ch...@apple.com
Date: 2018-03-06 15:19:56 -0800 (Tue, 06 Mar 2018)

Log Message

Revert r229093. rdar://problem/38197270


Modified Paths

tags/Safari-606.1.7/Source/WebKit/ChangeLog
tags/Safari-606.1.7/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb
tags/Safari-606.1.7/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in

Diff

Modified: tags/Safari-606.1.7/Source/WebKit/ChangeLog (229344 => 229345)


--- tags/Safari-606.1.7/Source/WebKit/ChangeLog	2018-03-06 22:49:27 UTC (rev 229344)
+++ tags/Safari-606.1.7/Source/WebKit/ChangeLog	2018-03-06 23:19:56 UTC (rev 229345)
@@ -1,3 +1,7 @@
+2018-03-06  Kocsen Chung  <kocsen_ch...@apple.com>
+
+        Revert r229093. rdar://problem/38197270
+
 2018-03-02  Brian Burg  <bb...@apple.com>
 
         Web Automation: script evaluations via WebDriver should have a user gesture indicator

Modified: tags/Safari-606.1.7/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (229344 => 229345)


--- tags/Safari-606.1.7/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2018-03-06 22:49:27 UTC (rev 229344)
+++ tags/Safari-606.1.7/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2018-03-06 23:19:56 UTC (rev 229345)
@@ -229,6 +229,8 @@
 (allow-create-directory
     (home-literal "/Library/Caches/com.apple.DictionaryServices"))
 
+(allow-network-common)
+
 ; <rdar://problem/8548856> Sub-TLF: Sandbox change for apps for read-only access to the dictionary directory/data
 (allow file-read*
     ; XXX - /Library ought to be allowed in all UI profiles but isn't (CF, MobileSafari)
@@ -380,6 +382,8 @@
 ;; AWD logging
 (awd-log-directory "com.apple.WebKit.WebContent")
 
+(network-client (remote tcp) (remote udp))
+
 ;; Allow ManagedPreference access
 (allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))

Modified: tags/Safari-606.1.7/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (229344 => 229345)


--- tags/Safari-606.1.7/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2018-03-06 22:49:27 UTC (rev 229344)
+++ tags/Safari-606.1.7/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2018-03-06 23:19:56 UTC (rev 229345)
@@ -1,4 +1,4 @@
-; Copyright (C) 2010-2018 Apple Inc. All rights reserved.
+; Copyright (C) 2010-2017 Apple Inc. All rights reserved.
 ;
 ; Redistribution and use in source and binary forms, with or without
 ; modification, are permitted provided that the following conditions
@@ -78,12 +78,11 @@
        file-ioctl
     (literal "/dev/dtracehelper"))
 
-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101300
 (allow network-outbound
     (literal "/private/var/run/asl_input")
     (literal "/private/var/run/syslog"))
-#endif
 
+
 ;;; Allow creation of core dumps.
 (allow file-write-create
     (require-all (prefix "/cores/")
@@ -141,6 +140,27 @@
         (iokit-property "ggcs")
         (iokit-property "bgcs")))))
 
+
+;;; (system-network) - Allow access to the network.
+(define (system-network)
+    (allow file-read*
+        (literal "/Library/Preferences/com.apple.networkd.plist"))
+    (allow mach-lookup
+        (global-name "com.apple.SystemConfiguration.PPPController")
+        (global-name "com.apple.SystemConfiguration.SCNetworkReachability")
+        (global-name "com.apple.nehelper")
+        (global-name "com.apple.networkd")
+        (global-name "com.apple.nsurlstorage-cache")
+        (global-name "com.apple.symptomsd")
+        (global-name "com.apple.usymptomsd"))
+    (allow network-outbound
+        (control-name "com.apple.netsrc")
+        (control-name "com.apple.network.statistics"))
+    (allow system-socket
+        (require-all (socket-domain AF_SYSTEM)
+        (socket-protocol 2)) ; SYSPROTO_CONTROL
+    (socket-domain AF_ROUTE)))
+
 ;;;
 ;;; End rules originally copied from 'system.sb'
 ;;;
@@ -626,13 +646,11 @@
 (system-graphics)
 
 ;; Networking
-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101300
 (system-network)
 (allow network-outbound
        ;; Local mDNSResponder for DNS, arbitrary outbound TCP
        (literal "/private/var/run/mDNSResponder")
        (remote tcp))
-#endif
 
 #if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101300
 ;; CFNetwork
@@ -645,10 +663,8 @@
        (global-name "com.apple.GSSCred")
        (global-name "com.apple.system.logger")
        (global-name "com.apple.system.notification_center"))
-#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101300
 (allow network-outbound
        (remote udp))
-#endif
 (allow user-preference-read
     (preference-domain
         "com.apple.Kerberos"

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes