Title: [254999] trunk/Source/WebKit
- Revision
- 254999
- Author
- [email protected]
- Date
- 2020-01-23 13:14:54 -0800 (Thu, 23 Jan 2020)
Log Message
[iOS] Remove access to 'awd' directories
https://bugs.webkit.org/show_bug.cgi?id=206098
<rdar://problem/58491816>
Reviewed by Per Arne Vollan.
Now that we have removed 'awd' features from the WebContent process, and have blocked access to the
mach service, we should remove the ability to interact with the 'awd' directories on device.
No new tests. No change in behavior.
* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (254998 => 254999)
--- trunk/Source/WebKit/ChangeLog 2020-01-23 20:32:11 UTC (rev 254998)
+++ trunk/Source/WebKit/ChangeLog 2020-01-23 21:14:54 UTC (rev 254999)
@@ -1,3 +1,19 @@
+2020-01-23 Brent Fulgham <[email protected]>
+
+ [iOS] Remove access to 'awd' directories
+ https://bugs.webkit.org/show_bug.cgi?id=206098
+ <rdar://problem/58491816>
+
+ Reviewed by Per Arne Vollan.
+
+ Now that we have removed 'awd' features from the WebContent process, and have blocked access to the
+ mach service, we should remove the ability to interact with the 'awd' directories on device.
+
+ No new tests. No change in behavior.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
2020-01-23 Per Arne Vollan <[email protected]>
[Cocoa] Broker access to the PowerManagement API
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (254998 => 254999)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2020-01-23 20:32:11 UTC (rev 254998)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2020-01-23 21:14:54 UTC (rev 254999)
@@ -348,15 +348,6 @@
(allow file-read* file-write-data file-ioctl
(literal "/dev/aes_0")))
-(define-once (awd-log-directory daemon-name)
- (let*
- ((base-directory (home-relative-path "/Library/Logs/awd")))
- (allow-create-directory (literal base-directory))
- (allow file-read* file-write*
- (prefix (string-append base-directory "/awd-" daemon-name ".log")))
- (allow mach-lookup (with report) (with telemetry)
- (global-name "com.apple.awdd"))))
-
(define-once (logd-diagnostic-paths)
(require-any
(subpath "/private/var/db/diagnostics")
@@ -916,9 +907,6 @@
;; Allow loading injected bundles.
(allow file-map-executable)
-;; AWD logging
-(awd-log-directory "com.apple.WebKit.WebContent")
-
;; Allow ManagedPreference access
(allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (254998 => 254999)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-01-23 20:32:11 UTC (rev 254998)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-01-23 21:14:54 UTC (rev 254999)
@@ -362,14 +362,6 @@
(allow file-read* file-write-data file-ioctl
(literal "/dev/aes_0")))
-(define-once (awd-log-directory daemon-name)
- (let*
- ((base-directory (home-relative-path "/Library/Logs/awd")))
- (allow-create-directory (literal base-directory))
- (allow file-read* file-write*
- (prefix (string-append base-directory "/awd-" daemon-name ".log")))
-))
-
(define-once (logd-diagnostic-paths)
(require-any
(subpath "/private/var/db/diagnostics")
@@ -922,9 +914,6 @@
;; Allow loading injected bundles.
(allow file-map-executable)
-;; AWD logging
-(awd-log-directory "com.apple.WebKit.WebContent")
-
;; Allow ManagedPreference access
(allow file-read* (literal "/private/var/Managed Preferences/mobile/com.apple.webcontentfilter.plist"))
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
