Title: [245246] trunk/Source/WebKit
Revision: 245246
Author: bfulg...@apple.com
Date: 2019-05-13 12:53:44 -0700 (Mon, 13 May 2019)

Log Message

Correct the sandbox to allow loading libraries from /Library/Apple
https://bugs.webkit.org/show_bug.cgi?id=197844

Reviewed by Per Arne Vollan.

Grant access to '/Library/Apple' as an appropriate place to load
system frameworks.

* WebProcess/com.apple.WebProcess.sb.in:

Diff

Modified: trunk/Source/WebKit/ChangeLog (245245 => 245246)


--- trunk/Source/WebKit/ChangeLog	2019-05-13 19:40:01 UTC (rev 245245)
+++ trunk/Source/WebKit/ChangeLog	2019-05-13 19:53:44 UTC (rev 245246)
@@ -1,3 +1,15 @@
+2019-05-13  Brent Fulgham  <bfulg...@apple.com>
+
+        Correct the sandbox to allow loading libraries from /Library/Apple 
+        https://bugs.webkit.org/show_bug.cgi?id=197844
+
+        Reviewed by Per Arne Vollan.
+
+        Grant access to '/Library/Apple' as an appropriate place to load
+        system frameworks.
+
+        * WebProcess/com.apple.WebProcess.sb.in:
+
 2019-05-13  Chris Dumez  <cdu...@apple.com>
 
         Unreviewed, rolling out r245240.
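
Review bot: the entry's `* WebProcess/com.apple.WebProcess.sb.in:` line has no description, and the title and summary name '/Library/Apple' while the profile change grants '/Library/Apple/System' and also introduces a new file-map-executable rule covering /System/Library, /usr/lib and /usr/local/lib/sanitizers. Suggest stating the actual path and mentioning the new rule after the colon, so that someone auditing sandbox changes from the ChangeLog sees the full scope.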

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (245245 => 245246)


--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2019-05-13 19:40:01 UTC (rev 245245)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2019-05-13 19:53:44 UTC (rev 245246)
@@ -40,6 +40,7 @@
 (allow file-read*
     (require-all (file-mode #o0004)
     (require-any (subpath "/Library/Filesystems/NetFSPlugins")
+    (subpath "/Library/Apple/System")
     (subpath "/Library/Preferences/Logging")      ; Logging Rethink
     (subpath "/System")
     (subpath "/private/var/db/dyld")
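
Review bot: the new `(subpath "/Library/Apple/System")` entry in the file-read* rule grants read access to the whole tree, while the file-map-executable rule added further down in this file only names `/Library/Apple/System/Library/Frameworks` and `/Library/Apple/System/Library/PrivateFrameworks`. If loading frameworks is the only goal, `(subpath "/Library/Apple/System/Library")` would be the narrower grant; otherwise add a trailing comment, as the `; Logging Rethink` entry has, saying what else under that tree must be readable.
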
@@ -53,6 +54,15 @@
     (subpath "/AppleInternal/Library/Preferences/Logging")
     (system-attribute apple-internal)))
 
+;;; Allow mapping of system frameworks + dylibs
+(allow file-map-executable
+    (subpath "/Library/Apple/System/Library/Frameworks")
+    (subpath "/Library/Apple/System/Library/PrivateFrameworks")
+    (subpath "/System/Library/Frameworks")
+    (subpath "/System/Library/PrivateFrameworks")
+    (subpath "/usr/lib")
+    (literal "/usr/local/lib/sanitizers"))
+
 (allow file-read-metadata
     (literal "/etc")
     (literal "/tmp")
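
Review bot: `(literal "/usr/local/lib/sanitizers")` in the new file-map-executable rule matches only that exact path, so if it is a directory of sanitizer runtimes the dylibs inside it are not covered; `(subpath "/usr/local/lib/sanitizers")` would be needed for them to map. Separately, /usr/local/lib is outside the system framework and dylib locations the comment names, so consider gating that entry the way the file-read* rule above gates its AppleInternal path with `(system-attribute apple-internal)`, which keeps the executable-mapping allowance limited to system directories on ordinary installs.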