[webkit-changes] [271976] trunk/Source/WebKit

Wed, 27 Jan 2021 12:54:00 -0800

Title: [271976] trunk/Source/WebKit
Revision
271976
Author
[email protected]
Date
2021-01-27 12:53:22 -0800 (Wed, 27 Jan 2021)

Log Message

[iOS] Conditionalize debugging support on internal builds
https://bugs.webkit.org/show_bug.cgi?id=221053
<rdar://problem/73520300>

Reviewed by Per Arne Vollan.

We should restrict use of the (debugging-support) rules in our iOS sandboxes to internal OS, since those
features are not accessible to production users.

Since these restrictions don't impact end user debugging use cases, we'll also rename the rules to
"internal-debugging-support".

* Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb:
* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (271975 => 271976)


--- trunk/Source/WebKit/ChangeLog	2021-01-27 20:49:40 UTC (rev 271975)
+++ trunk/Source/WebKit/ChangeLog	2021-01-27 20:53:22 UTC (rev 271976)
@@ -1,3 +1,22 @@
+2021-01-27  Brent Fulgham  <[email protected]>
+
+        [iOS] Conditionalize debugging support on internal builds
+        https://bugs.webkit.org/show_bug.cgi?id=221053
+        <rdar://problem/73520300>
+
+        Reviewed by Per Arne Vollan.
+
+        We should restrict use of the (debugging-support) rules in our iOS sandboxes to internal OS, since those
+        features are not accessible to production users.
+
+        Since these restrictions don't impact end user debugging use cases, we'll also rename the rules to
+        "internal-debugging-support".
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb:
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+
 2021-01-27  Kate Cheney  <[email protected]>
 
         WKWebView closeAllMediaPresentations API does not have a completion handler

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (271975 => 271976)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2021-01-27 20:49:40 UTC (rev 271975)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb	2021-01-27 20:53:22 UTC (rev 271976)
@@ -287,7 +287,7 @@
     )
 )
 
-(define-once (debugging-support)
+(define-once (internal-debugging-support)
         (allow file-read* file-map-executable
                (subpath "/Developer"))
 
@@ -546,7 +546,9 @@
                   (front-user-home-prefix "/Library/Caches/"))))
 )
 
-(debugging-support)
+(with-filter (system-attribute apple-internal)
+    (internal-debugging-support)
+)
 
 (allow file-read*
     required-etc-files

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (271975 => 271976)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2021-01-27 20:49:40 UTC (rev 271975)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb	2021-01-27 20:53:22 UTC (rev 271976)
@@ -238,7 +238,7 @@
         (iokit-user-client-class "AppleKeyStoreUserClient") ;; Needed by NSURLCache
 ))
 
-(define-once (debugging-support)
+(define-once (internal-debugging-support)
         ;; <rdar://problem/8379706>
         ;; <rdar://problem/12868101>
         ;; <rdar://problem/22766887>
@@ -400,7 +400,9 @@
                (sysctl-name-prefix "kern.proc.")
                (sysctl-name-prefix "kern.procargs2."))))
 
-(debugging-support)
+(with-filter (system-attribute apple-internal)
+    (internal-debugging-support)
+)
 
 (allow file-read*
     required-etc-files

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb (271975 => 271976)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb	2021-01-27 20:49:40 UTC (rev 271975)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb	2021-01-27 20:53:22 UTC (rev 271976)
@@ -96,7 +96,7 @@
     (allow file-read*
            (home-literal "/Library/Caches/com.apple.itunesstored/url-resolution.plist")))
 
-(define-once (debugging-support)
+(define-once (internal-debugging-support)
         (allow file-read* file-map-executable
                (subpath "/Developer"))
 
@@ -326,7 +326,9 @@
                   (front-user-home-prefix "/Library/Caches/"))))
 )
 
-(debugging-support)
+(with-filter (system-attribute apple-internal)
+    (internal-debugging-support)
+)
 
 (allow file-read*
     required-etc-files

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (271975 => 271976)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2021-01-27 20:49:40 UTC (rev 271975)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb	2021-01-27 20:53:22 UTC (rev 271976)
@@ -287,7 +287,7 @@
     )
 )
 
-(define-once (debugging-support)
+(define-once (internal-debugging-support)
         (allow file-read* file-map-executable
                (subpath "/Developer"))
 
@@ -589,7 +589,9 @@
                   (front-user-home-prefix "/Library/Caches/"))))
 )
 
-(debugging-support)
+(with-filter (system-attribute apple-internal)
+    (internal-debugging-support)
+)
 
 (allow file-read*
     required-etc-files

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to