Skip to site navigation (Press enter)

[webkit-changes] [271964] trunk/Source/WebKit

pvollan Wed, 27 Jan 2021 10:08:14 -0800

Title: [271964] trunk/Source/WebKit

Revision: 271964
Author: [email protected]
Date: 2021-01-27 10:07:39 -0800 (Wed, 27 Jan 2021)

Log Message

[iOS] Fix sandbox violation file-read-data /dev/dtracehelper in the Networking process
https://bugs.webkit.org/show_bug.cgi?id=221046
<rdar://problem/73625718>


Reviewed by Brent Fulgham.

Reading this file should be allowed in the Networking process on internal installs on iOS.

* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb

Diff

Modified: trunk/Source/WebKit/ChangeLog (271963 => 271964)


--- trunk/Source/WebKit/ChangeLog	2021-01-27 18:07:16 UTC (rev 271963)
+++ trunk/Source/WebKit/ChangeLog	2021-01-27 18:07:39 UTC (rev 271964)
@@ -1,5 +1,17 @@
 2021-01-27  Per Arne  <[email protected]>
 
+        [iOS] Fix sandbox violation file-read-data /dev/dtracehelper in the Networking process
+        https://bugs.webkit.org/show_bug.cgi?id=221046
+        <rdar://problem/73625718>
+
+        Reviewed by Brent Fulgham.
+
+        Reading this file should be allowed in the Networking process on internal installs on iOS.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+
+2021-01-27  Per Arne  <[email protected]>
+
         [macOS] WebContent sandbox regex incorrect
         https://bugs.webkit.org/show_bug.cgi?id=221045
         <rdar://problem/73473985>

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (271963 => 271964)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2021-01-27 18:07:16 UTC (rev 271963)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2021-01-27 18:07:39 UTC (rev 271964)
@@ -657,6 +657,14 @@
     (literal "/dev/random")
     (literal "/dev/urandom"))
 
+(if (system-attribute apple-internal)
+    (allow file-read* file-write-data file-ioctl
+        (literal "/dev/dtracehelper"))
+; else
+    (deny (with no-log) file-read* file-write-data file-ioctl
+        (literal "/dev/dtracehelper"))
+)
+
 ;; Access to MobileGestalt
 (allow mach-lookup
     (global-name "com.apple.mobilegestalt.xpc"))

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes