Title: [269501] trunk/Source/WebKit
- Revision
- 269501
- Author
- [email protected]
- Date
- 2020-11-05 19:07:28 -0800 (Thu, 05 Nov 2020)
Log Message
[macOS] Remove mdnsresponder access from WebKit processes
https://bugs.webkit.org/show_bug.cgi?id=218633
<rdar://problem/69133548>
Unreviewed follow-up: Make the sandbox rule conditional on recent macOS to
avoid breaking STP use on older macOS releases.
* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (269500 => 269501)
--- trunk/Source/WebKit/ChangeLog 2020-11-06 02:05:47 UTC (rev 269500)
+++ trunk/Source/WebKit/ChangeLog 2020-11-06 03:07:28 UTC (rev 269501)
@@ -1,3 +1,15 @@
+2020-11-05 Brent Fulgham <[email protected]>
+
+ [macOS] Remove mdnsresponder access from WebKit processes
+ https://bugs.webkit.org/show_bug.cgi?id=218633
+ <rdar://problem/69133548>
+
+ Unreviewed follow-up: Make the sandbox rule conditional on recent macOS to
+ avoid breaking STP use on older macOS releases.
+
+ * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2020-11-05 Alex Christensen <[email protected]>
Add null checks effectively in UserInputBridge
Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (269500 => 269501)
--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2020-11-06 02:05:47 UTC (rev 269500)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2020-11-06 03:07:28 UTC (rev 269501)
@@ -669,6 +669,12 @@
;; Networking
(allow network-outbound
+#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 101500
+ ;; Local mDNSResponder for DNS, arbitrary outbound TCP
+ ;; Note: This is needed for some media playback features. <rdar://problem/38191574>
+ ;; Remove this permission when <rdar://problem/38240572> is fixed.
+ (literal "/private/var/run/mDNSResponder")
+#endif
;; ObjC map_images needs to send logging data to syslog. <rdar://problem/39778918>
(literal "/private/var/run/syslog")
(remote tcp))
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (269500 => 269501)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-11-06 02:05:47 UTC (rev 269500)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-11-06 03:07:28 UTC (rev 269501)
@@ -836,6 +836,12 @@
;; Networking
(allow network-outbound
+#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 101500
+ ;; Local mDNSResponder for DNS, arbitrary outbound TCP
+ ;; Note: This is needed for some media playback features. <rdar://problem/38191574>
+ ;; Remove this permission when <rdar://problem/38240572> is fixed.
+ (literal "/private/var/run/mDNSResponder")
+#endif
;; ObjC map_images needs to send logging data to syslog. <rdar://problem/39778918>
(literal "/private/var/run/syslog")
(remote tcp))
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
