Title: [259297] trunk/Source/WebKit
- Revision
- 259297
- Author
- [email protected]
- Date
- 2020-03-31 10:28:01 -0700 (Tue, 31 Mar 2020)
Log Message
Silence preference write sandbox violations in the WebContent process
https://bugs.webkit.org/show_bug.cgi?id=209806
Reviewed by Brent Fulgham.
When CFPrefs direct mode is enabled in the WebContent process, the UI process will notify the WebContent about preference changes.
When receiving these notifications, the WebContent process will use the CFPrefs API to update the value of these preferences
in-process, which will also attempt to write these values to disk. Writing the preference values to disk is unnecessary, and will
also be denied by the sandbox, so the sandbox violations should be silenced.
No new tests, no behavior change.
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (259296 => 259297)
--- trunk/Source/WebKit/ChangeLog 2020-03-31 17:03:58 UTC (rev 259296)
+++ trunk/Source/WebKit/ChangeLog 2020-03-31 17:28:01 UTC (rev 259297)
@@ -1,3 +1,20 @@
+2020-03-31 Per Arne Vollan <[email protected]>
+
+ Silence preference write sandbox violations in the WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=209806
+
+ Reviewed by Brent Fulgham.
+
+ When CFPrefs direct mode is enabled in the WebContent process, the UI process will notify the WebContent about preference changes.
+ When receiving these notifications, the WebContent process will use the CFPrefs API to update the value of these preferences
+ in-process, which will also attempt to write these values to disk. Writing the preference values to disk is unnecessary, and will
+ also be denied by the sandbox, so the sandbox violations should be silenced.
+
+ No new tests, no behavior change.
+
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2020-03-31 Devin Rousso <[email protected]>
REGRESSION: (r259236) [ iOS and Catalina wk2 Debug ] ASSERTION FAILED: m_debugLoggingEnabled in WebKit::ResourceLoadStatisticsStore::debugBroadcastConsoleMessage
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (259296 => 259297)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-03-31 17:03:58 UTC (rev 259296)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2020-03-31 17:28:01 UTC (rev 259297)
@@ -845,6 +845,11 @@
(literal "/usr/local/lib/log") ; <rdar://problem/36629495>
)
+;; <rdar://problem/60983812>
+(deny file-write*
+ (home-subpath "/Library/Preferences/")
+ (with no-log))
+
(allow mach-lookup
(require-all
(extension "com.apple.webkit.extension.mach")
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (259296 => 259297)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-03-31 17:03:58 UTC (rev 259296)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-03-31 17:28:01 UTC (rev 259297)
@@ -873,6 +873,11 @@
(allow device-camera))
#endif // PLATFORM(MAC)
+;; <rdar://problem/60983812>
+(deny file-write*
+ (home-subpath "/Library/Preferences/")
+ (with no-log))
+
(allow mach-lookup
(require-all
(extension "com.apple.webkit.extension.mach")
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
