Title: [235411] trunk/Source/WebKit
- Revision: 235411
- Author: pvol...@apple.com
- Date: 2018-08-27 16:47:40 -0700 (Mon, 27 Aug 2018)
Log Message
[macOS] Block CoreServices in sandbox.
https://bugs.webkit.org/show_bug.cgi?id=189005
<rdar://problem/35369091>
Reviewed by Brent Fulgham.
The sandbox for the WebContent process should block CoreServices.
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (235410 => 235411)
--- trunk/Source/WebKit/ChangeLog 2018-08-27 23:41:11 UTC (rev 235410)
+++ trunk/Source/WebKit/ChangeLog 2018-08-27 23:47:40 UTC (rev 235411)
@@ -1,3 +1,15 @@
+2018-08-27 Per Arne Vollan <pvol...@apple.com>
+
+ [macOS] Block CoreServices in sandbox.
+ https://bugs.webkit.org/show_bug.cgi?id=189005
+ <rdar://problem/35369091>
+
+ Reviewed by Brent Fulgham.
+
+ The sandbox for the WebContent process should block CoreServices.
+
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2018-08-27 Simon Fraser <simon.fra...@apple.com>
Teach WebKitTestRunner and DumpRenderTree about detecting world leaks
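Review bot: The new ChangeLog entry says the WebContent sandbox "should block CoreServices" without qualification, but the profile change in this revision only drops the `com.apple.CoreServices.coreservicesd` lookup when `__MAC_OS_X_VERSION_MIN_REQUIRED` is 101400 or higher. Suggest naming the version condition and the specific Mach service in the entry, so a reader auditing the log does not assume builds for earlier deployment targets are covered.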
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (235410 => 235411)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2018-08-27 23:41:11 UTC (rev 235410)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2018-08-27 23:47:40 UTC (rev 235411)
@@ -647,7 +647,10 @@
;; CoreFoundation. We don't import com.apple.corefoundation.sb, because it allows unnecessary access to pasteboard.
(allow mach-lookup
(global-name-regex #"^com.apple.distributed_notifications")
- (global-name "com.apple.CoreServices.coreservicesd"))
+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101400
+ (global-name "com.apple.CoreServices.coreservicesd")
+#endif
+)
(allow file-read-data
(literal "/dev/autofs_nowait")) ; Used by CF to circumvent automount triggers
(allow ipc-posix-shm
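Review bot: The `#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101400` guard around `(global-name "com.apple.CoreServices.coreservicesd")` carries no comment explaining why the lookup must remain allowed for earlier deployment targets, so whoever next tightens this rule cannot tell whether the exception is still needed. A short `;;` comment above the guard, in the style of the CoreFoundation comment that opens this rule, would record that. The closing `)` moved to its own line after `#endif` keeps the `allow mach-lookup` form balanced in both preprocessor branches; it is easy to fold back by mistake, so a trailing comment on that line saying it closes the form would be worthwhile.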