[webkit-changes] [235506] trunk/Source/WebKit

Thu, 30 Aug 2018 09:31:27 -0700

Title: [235506] trunk/Source/WebKit
Revision
235506
Author
bfulg...@apple.com
Date
2018-08-30 09:30:11 -0700 (Thu, 30 Aug 2018)

Log Message

[macOS] Whitelist Network process features for VPN
https://bugs.webkit.org/show_bug.cgi?id=189023
<rdar://problem/43310000>

Reviewed by Eric Carlson.

CFNetwork needs access to some VPN preference files to configure networking, and
need to be allowed to communicate with the VPN process from the Network Process
sandbox.

* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (235505 => 235506)


--- trunk/Source/WebKit/ChangeLog	2018-08-30 14:44:59 UTC (rev 235505)
+++ trunk/Source/WebKit/ChangeLog	2018-08-30 16:30:11 UTC (rev 235506)
@@ -1,3 +1,17 @@
+2018-08-30  Brent Fulgham  <bfulg...@apple.com>
+
+        [macOS] Whitelist Network process features for VPN
+        https://bugs.webkit.org/show_bug.cgi?id=189023
+        <rdar://problem/43310000>
+
+        Reviewed by Eric Carlson.
+
+        CFNetwork needs access to some VPN preference files to configure networking, and
+        need to be allowed to communicate with the VPN process from the Network Process
+        sandbox.
+
+        * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+
 2018-08-30  Yoshiaki Jitsukawa  <yoshiaki.jitsuk...@sony.com>
 
         [ConnectionUnix] Shrink sizeof AttachmentInfo by reordering members

Modified: trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (235505 => 235506)


--- trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in	2018-08-30 14:44:59 UTC (rev 235505)
+++ trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in	2018-08-30 16:30:11 UTC (rev 235506)
@@ -155,6 +155,7 @@
     (global-name "com.apple.cookied")
     (global-name "com.apple.cfnetwork.AuthBrokerAgent")
     (global-name "com.apple.cfnetwork.cfnetworkagent")
+    (global-name "com.apple.ist.ds.appleconnect2.service.kdctunnelcontroller")
     (global-name "com.apple.lsd.mapdb")
     (global-name "com.apple.nesessionmanager.flow-divert-token")
 )
@@ -197,8 +198,17 @@
        (literal "/Library/Preferences/com.apple.security.revocation.plist")
        (home-literal "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain")
        (home-literal "/Library/Preferences/com.apple.security.plist")
-       (home-literal "/Library/Preferences/com.apple.security.revocation.plist"))
+       (home-literal "/Library/Preferences/com.apple.security.revocation.plist")
 
+       ; Likewise for <rdar://problem/43310000>
+       (literal "/Library/Preferences/com.apple.ist.ds.appleconnect2.plist")
+       (literal "/Library/Preferences/com.apple.ist.ds.appleconnect2.production.plist")
+       (home-literal "/Library/Preferences/com.apple.ist.ds.appleconnect2.plist")
+       (home-literal "/Library/Preferences/com.apple.ist.ds.appleconnect2.production.plist")
+       (home-regex (string-append "/Library/Preferences/ByHost/com\.apple\.ist\.ds\.appleconnect2\." (uuid-regex-string) "\.plist$"))
+       (home-regex (string-append "/Library/Preferences/ByHost/com\.apple\.ist\.ds\.appleconnect2\.production\." (uuid-regex-string) "\.plist$"))
+)
+
 (allow ipc-posix-shm-read* ipc-posix-shm-write-data
        (ipc-posix-name "com.apple.AppleDatabaseChanged"))
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to