[webkit-changes] [254993] trunk/Source/WebKit

[bfulgham]

Title: [254993] trunk/Source/WebKit

Revision

254993

Author

bfulg...@apple.com

Date

2020-01-23 11:50:05 -0800 (Thu, 23 Jan 2020)

Log Message

[iOS] Unreviewed follow-up sandbox fix.
https://bugs.webkit.org/show_bug.cgi?id=206562
<rdar://problem/58778970>

I missed a couple of rules that are being overly chatty in the logs in r254982.
This adds appropriate commands to silence them.

* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb
• trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb

Diff

Modified: trunk/Source/WebKit/ChangeLog (254992 => 254993)

--- trunk/Source/WebKit/ChangeLog	2020-01-23 19:33:54 UTC (rev 254992)
+++ trunk/Source/WebKit/ChangeLog	2020-01-23 19:50:05 UTC (rev 254993)
@@ -1,3 +1,15 @@
+2020-01-23  Brent Fulgham  <bfulg...@apple.com>
+
+        [iOS] Unreviewed follow-up sandbox fix.
+        https://bugs.webkit.org/show_bug.cgi?id=206562
+        <rdar://problem/58778970>
+
+        I missed a couple of rules that are being overly chatty in the logs in r254982.
+        This adds appropriate commands to silence them.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2020-01-23  Per Arne Vollan  <pvol...@apple.com>
 
         [iOS] Make it possible for WebKit clients to enable connections to asset services in the WebContent process

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (254992 => 254993)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2020-01-23 19:33:54 UTC (rev 254992)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2020-01-23 19:50:05 UTC (rev 254993)
@@ -418,9 +418,14 @@
     (global-name "com.apple.logd.events"))
 
 (allow mach-lookup (with report) (with telemetry)
-    (global-name "com.apple.cfprefsd.daemon")
     (global-name "com.apple.cfprefsd.agent")
-    (local-name "com.apple.cfprefsd.agent"))
+    (local-name "com.apple.cfprefsd.agent")
+)
+
+(allow mach-lookup (with telemetry)
+    (global-name "com.apple.cfprefsd.daemon") ;; Needed by _CFPreferencesGetAppBooleanValueWithContainer and others.
+)
+
 (allow ipc-posix-shm-read*
     (ipc-posix-name-prefix "apple.cfprefs."))
 
@@ -480,7 +485,6 @@
     (sysctl-name "kern.ostype")
     (sysctl-name "kern.osversion")
     (sysctl-name "kern.saved_ids")
-    (sysctl-name "kern.secure_kernel")
     (sysctl-name "kern.usrstack")
     (sysctl-name "kern.usrstack64")
     (sysctl-name "kern.version")
@@ -505,8 +509,8 @@
 
 (allow mach-lookup (with report) (with telemetry)
     (global-name "com.apple.system.notification_center"))
-(allow ipc-posix-shm-read*  (with report) (with telemetry)
-    (ipc-posix-name "apple.shm.notification_center"))
+(allow ipc-posix-shm-read* (with telemetry)
+    (ipc-posix-name "apple.shm.notification_center")) ;; Needed by os_log_create
 
 (allow mach-lookup (with report) (with telemetry)
     (global-name "com.apple.distributed_notifications@1v3"))
@@ -562,6 +566,7 @@
         "kern.memorystatus_level"
         "kern.osproductversion" ;; Needed by CFNetwork (HSTS store and others)
         "kern.osvariant_status" ;; Needed for bundle loading
+        "kern.secure_kernel" ;; Needed by XPC bundle resolution
         "kern.tcsm_available" ;; Needed for IndexedDB support
         "vm.footprint_suspend"))
 

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (254992 => 254993)

--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-23 19:33:54 UTC (rev 254992)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2020-01-23 19:50:05 UTC (rev 254993)
@@ -822,7 +822,7 @@
         "kern.osproductversion"
         "kern.osrelease"
         "kern.osvariant_status"
-        "kern.secure_kernel"
+        "kern.secure_kernel" ;; Needed by XPC bundle resolution
         "kern.version"
         "vm.footprint_suspend"))
 
@@ -838,6 +838,7 @@
     (iokit-property "IOClassNameOverride")
     (iokit-property "IOPlatformUUID")
     (iokit-property "IOSurfaceAcceleratorCapabilitiesDict")
+    (iokit-property "LGHSupported")
     (iokit-property "Protocol Characteristics")
     (iokit-property "als-colorCfg") ;; <rdar://problem/52903475>
     (iokit-property "artwork-device-idiom") ;; <rdar://problem/49497720>

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes