Title: [261136] trunk/Source/WebKit
- Revision
- 261136
- Author
- bfulg...@apple.com
- Date
- 2020-05-04 18:27:38 -0700 (Mon, 04 May 2020)
Log Message
[macOS] Eliminate SecurityServer and OCSPD from the WebContent sandbox
https://bugs.webkit.org/show_bug.cgi?id=211417
<rdar://problem/46235370>
Reviewed by Per Arne Vollan.
We can now re-block access to these services.
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (261135 => 261136)
--- trunk/Source/WebKit/ChangeLog 2020-05-05 01:18:41 UTC (rev 261135)
+++ trunk/Source/WebKit/ChangeLog 2020-05-05 01:27:38 UTC (rev 261136)
@@ -1,3 +1,15 @@
+2020-05-04 Brent Fulgham <bfulg...@apple.com>
+
+ [macOS] Eliminate SecurityServer and OCSPD from the WebContent sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=211417
+ <rdar://problem/46235370>
+
+ Reviewed by Per Arne Vollan.
+
+ We can now re-block access to these services.
+
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2020-05-04 Timothy Horton <timothy_hor...@apple.com>
Unreviewed, reverting r261117.
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (261135 => 261136)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-05-05 01:18:41 UTC (rev 261135)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-05-05 01:27:38 UTC (rev 261136)
@@ -717,13 +717,12 @@
(global-name "com.apple.windowserver.active"))
#endif
+#if __MAC_OS_X_VERSION_MIN_REQUIRED < 101600
;; Needed to support encrypted media playback <rdar://problem/40038478>
(allow mach-lookup
-#if __MAC_OS_X_VERSION_MIN_REQUIRED > 101500
- (with telemetry-backtrace)
-#endif
(global-name "com.apple.SecurityServer")
(global-name "com.apple.ocspd"))
+#endif
(allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed.
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
