Title: [235781] trunk/Source/WebKit
- Revision
- 235781
- Author
- [email protected]
- Date
- 2018-09-07 05:28:25 -0700 (Fri, 07 Sep 2018)
Log Message
[iOS] Move default mach-lookup deny to after common.sb is imported
https://bugs.webkit.org/show_bug.cgi?id=189385
<rdar://problem/43624193>
Reviewed by Eric Carlson.
* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Move the 'deny mach-lookup' call later in the file.
* Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb: Ditto.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Ditto.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (235780 => 235781)
--- trunk/Source/WebKit/ChangeLog 2018-09-07 05:55:15 UTC (rev 235780)
+++ trunk/Source/WebKit/ChangeLog 2018-09-07 12:28:25 UTC (rev 235781)
@@ -1,3 +1,15 @@
+2018-09-07 Brent Fulgham <[email protected]>
+
+ [iOS] Move default mach-lookup deny to after common.sb is imported
+ https://bugs.webkit.org/show_bug.cgi?id=189385
+ <rdar://problem/43624193>
+
+ Reviewed by Eric Carlson.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: Move the 'deny mach-lookup' call later in the file.
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb: Ditto.
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: Ditto.
+
2018-09-06 Wenson Hsieh <[email protected]>
Refactor WebCore::EditAction to be an 8-bit enum class
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (235780 => 235781)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2018-09-07 05:55:15 UTC (rev 235780)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2018-09-07 12:28:25 UTC (rev 235781)
@@ -25,10 +25,10 @@
(deny default (with partial-symbolication))
(allow system-audit file-read-metadata)
-(deny mach-lookup (xpc-service-name-prefix ""))
-
(import "common.sb")
+(deny mach-lookup (xpc-service-name-prefix #""))
+
(deny lsopen)
(deny sysctl*)
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb (235780 => 235781)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb 2018-09-07 05:55:15 UTC (rev 235780)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb 2018-09-07 12:28:25 UTC (rev 235781)
@@ -1,4 +1,4 @@
-; Copyright (C) 2014 Apple Inc. All rights reserved.
+; Copyright (C) 2014-2018 Apple Inc. All rights reserved.
;
; Redistribution and use in source and binary forms, with or without
; modification, are permitted provided that the following conditions
@@ -25,10 +25,10 @@
(deny default (with partial-symbolication))
(allow system-audit file-read-metadata)
-(deny mach-lookup (xpc-service-name-prefix ""))
-
(import "common.sb")
+(deny mach-lookup (xpc-service-name-prefix #""))
+
(deny lsopen)
(allow file-read* file-write* (extension "com.apple.app-sandbox.read-write"))
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (235780 => 235781)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2018-09-07 05:55:15 UTC (rev 235780)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2018-09-07 12:28:25 UTC (rev 235781)
@@ -25,10 +25,10 @@
(deny default (with partial-symbolication))
(allow system-audit file-read-metadata)
-(deny mach-lookup (xpc-service-name-prefix ""))
-
(import "common.sb")
+(deny mach-lookup (xpc-service-name-prefix #""))
+
(deny lsopen)
;;;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
