Title: [269877] trunk/Source/WebKit
- Revision
- 269877
- Author
- [email protected]
- Date
- 2020-11-16 14:07:42 -0800 (Mon, 16 Nov 2020)
Log Message
[macOS] Remove remote tcp capability from WebContent Sandbox
https://bugs.webkit.org/show_bug.cgi?id=218999
<rdar://problem/70355789>
Reviewed by Per Arne Vollan.
Since we have moved all network activity (aside from some syslog use) out of the WebContent
process, we do not need the ability to open remote tcp connections. We should deny this
capability from our non-Network sandboxes.
* GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
* WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in:
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (269876 => 269877)
--- trunk/Source/WebKit/ChangeLog 2020-11-16 21:58:18 UTC (rev 269876)
+++ trunk/Source/WebKit/ChangeLog 2020-11-16 22:07:42 UTC (rev 269877)
@@ -1,3 +1,19 @@
+2020-11-16 Brent Fulgham <[email protected]>
+
+ [macOS] Remove remote tcp capability from WebContent Sandbox
+ https://bugs.webkit.org/show_bug.cgi?id=218999
+ <rdar://problem/70355789>
+
+ Reviewed by Per Arne Vollan.
+
+ Since we have moved all network activity (aside from some syslog use) out of the WebContent
+ process, we do not need the ability to open remote tcp connections. We should deny this
+ capability from our non-Network sandboxes.
+
+ * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+ * WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2020-11-16 Devin Rousso <[email protected]>
Ignore deprecation warnings for the uniform types C API
Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (269876 => 269877)
--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2020-11-16 21:58:18 UTC (rev 269876)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2020-11-16 22:07:42 UTC (rev 269877)
@@ -680,7 +680,10 @@
#endif
;; ObjC map_images needs to send logging data to syslog. <rdar://problem/39778918>
(literal "/private/var/run/syslog")
- (remote tcp))
+#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 101500
+ (remote tcp)
+#endif
+)
;; CFNetwork
(allow file-read-data (path "/private/var/db/nsurlstoraged/dafsaData.bin"))
Modified: trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in (269876 => 269877)
--- trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in 2020-11-16 21:58:18 UTC (rev 269876)
+++ trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in 2020-11-16 22:07:42 UTC (rev 269877)
@@ -384,7 +384,7 @@
(allow network-outbound
;; ObjC map_images needs to send logging data to syslog. <rdar://problem/39778918>
(literal "/private/var/run/syslog")
- (remote tcp))
+)
;; CFNetwork
(allow file-read-data (path "/private/var/db/nsurlstoraged/dafsaData.bin"))
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (269876 => 269877)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-11-16 21:58:18 UTC (rev 269876)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2020-11-16 22:07:42 UTC (rev 269877)
@@ -1033,7 +1033,10 @@
#endif
;; ObjC map_images needs to send logging data to syslog. <rdar://problem/39778918>
(literal "/private/var/run/syslog")
- (remote tcp))
+#if __MAC_OS_X_VERSION_MIN_REQUIRED <= 101500
+ (remote tcp)
+#endif
+)
;; CFNetwork
(allow file-read-data (path "/private/var/db/nsurlstoraged/dafsaData.bin"))
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
