Diff
Modified: trunk/Source/WebKit/ChangeLog (277031 => 277032)
--- trunk/Source/WebKit/ChangeLog 2021-05-05 18:34:29 UTC (rev 277031)
+++ trunk/Source/WebKit/ChangeLog 2021-05-05 18:43:25 UTC (rev 277032)
@@ -1,3 +1,22 @@
+2021-05-05 Brent Fulgham <[email protected]>
+
+ [Cocoa] Remove access to the unused 'nvram' system command
+ https://bugs.webkit.org/show_bug.cgi?id=225370
+ <rdar://problem/66583129>
+
+ Reviewed by Per Arne Vollan.
+
+ Add a 'deny' rule for nvram, since we don't use it and have no reason to access it.
+
+ * GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in:
+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb:
+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb:
+ * WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in:
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2021-05-05 Devin Rousso <[email protected]>
Sampled Page Top Color: take additional snapshots further down the page to see if the sampled top color is more than just a tiny strip
Modified: trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (277031 => 277032)
--- trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-05-05 18:34:29 UTC (rev 277031)
+++ trunk/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-05-05 18:43:25 UTC (rev 277032)
@@ -23,6 +23,7 @@
(version 1)
(deny default (with partial-symbolication))
+(deny nvram*)
(allow system-audit file-read-metadata)
;;;
Modified: trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (277031 => 277032)
--- trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-05-05 18:34:29 UTC (rev 277031)
+++ trunk/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-05-05 18:43:25 UTC (rev 277032)
@@ -23,6 +23,7 @@
(version 1)
(deny default (with partial-symbolication))
+(deny nvram*)
(allow system-audit file-read-metadata)
#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 101500
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (277031 => 277032)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-05-05 18:34:29 UTC (rev 277031)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-05-05 18:43:25 UTC (rev 277032)
@@ -23,6 +23,7 @@
(version 1)
(deny default (with partial-symbolication))
+(deny nvram*)
(allow system-audit file-read-metadata)
;;;
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (277031 => 277032)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-05-05 18:34:29 UTC (rev 277031)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-05-05 18:43:25 UTC (rev 277032)
@@ -23,6 +23,7 @@
(version 1)
(deny default (with partial-symbolication))
+(deny nvram*)
(allow system-audit file-read-metadata)
;;;
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb (277031 => 277032)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb 2021-05-05 18:34:29 UTC (rev 277031)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb 2021-05-05 18:43:25 UTC (rev 277032)
@@ -23,6 +23,7 @@
(version 1)
(deny default (with partial-symbolication))
+(deny nvram*)
(allow system-audit file-read-metadata)
;;;
Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb (277031 => 277032)
--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2021-05-05 18:34:29 UTC (rev 277031)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb 2021-05-05 18:43:25 UTC (rev 277032)
@@ -23,6 +23,7 @@
(version 1)
(deny default (with partial-symbolication))
+(deny nvram*)
(allow system-audit file-read-metadata)
;;;
Modified: trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in (277031 => 277032)
--- trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in 2021-05-05 18:34:29 UTC (rev 277031)
+++ trunk/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in 2021-05-05 18:43:25 UTC (rev 277032)
@@ -23,6 +23,7 @@
(version 1)
(deny default (with partial-symbolication))
+(deny nvram*)
(allow system-audit file-read-metadata)
;;;
Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (277031 => 277032)
--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-05-05 18:34:29 UTC (rev 277031)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-05-05 18:43:25 UTC (rev 277032)
@@ -23,6 +23,7 @@
(version 1)
(deny default (with partial-symbolication))
+(deny nvram*)
(allow system-audit file-read-metadata)
;;;
