Diff
Modified: branches/safari-613.1.4-branch/Source/WebKit/ChangeLog (283819 => 283820)
--- branches/safari-613.1.4-branch/Source/WebKit/ChangeLog 2021-10-08 19:10:51 UTC (rev 283819)
+++ branches/safari-613.1.4-branch/Source/WebKit/ChangeLog 2021-10-08 19:11:52 UTC (rev 283820)
@@ -1,7 +1,3 @@
-2021-10-07 Alan Coon <[email protected]>
-
- Revert r283187. rdar://problem/83985586
-
2021-10-06 Alan Coon <[email protected]>
Revert r283374. rdar://problem/83847918
Modified: branches/safari-613.1.4-branch/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in (283819 => 283820)
--- branches/safari-613.1.4-branch/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-10-08 19:10:51 UTC (rev 283819)
+++ branches/safari-613.1.4-branch/Source/WebKit/GPUProcess/mac/com.apple.WebKit.GPUProcess.sb.in 2021-10-08 19:11:52 UTC (rev 283820)
@@ -24,8 +24,12 @@
(version 1)
(deny default (with partial-symbolication))
(deny nvram*)
+(deny system-privilege)
(allow system-audit file-read-metadata)
+;; Silence spurious logging due to rdar://20117923 and rdar://72366475
+(deny system-privilege (privilege-id PRIV_GLOBAL_PROC_INFO) (with no-report))
+
#include "Shared/Sandbox/preferences.sb"
;;;
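Review bot: The comment above the added `(deny system-privilege (privilege-id PRIV_GLOBAL_PROC_INFO) (with no-report))` cites only two radar numbers, so a reader without access to them cannot tell what is being silenced or why that is acceptable. As far as the hunk shows, the blanket `(deny system-privilege)` three lines earlier already denies this privilege, and the second rule only drops the violation report. Log-based monitoring of this process would then presumably no longer see requests for that privilege. I would spell that out, e.g. `;; PRIV_GLOBAL_PROC_INFO stays denied; only the report is suppressed because <component that requests it routinely> triggers it on every launch.` The same two lines are pasted into the NetworkProcess, iOS GPU, Networking, WebAuthn and WebContent, mac WebAuthnProcess and WebProcess hunks, so the wording should be fixed once and copied.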
Modified: branches/safari-613.1.4-branch/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in (283819 => 283820)
--- branches/safari-613.1.4-branch/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-10-08 19:10:51 UTC (rev 283819)
+++ branches/safari-613.1.4-branch/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in 2021-10-08 19:11:52 UTC (rev 283820)
@@ -24,8 +24,18 @@
(version 1)
(deny default (with partial-symbolication))
(deny nvram*)
+(deny system-privilege)
+
(allow system-audit file-read-metadata)
+(allow system-privilege (with grant)
+ (require-all
+ (privilege-id PRIV_NET_PRIVILEGED_SOCKET_DELEGATE)
+ (require-entitlement "com.apple.private.network.socket-delegate")))
+
+;; Silence spurious logging due to rdar://20117923 and rdar://72366475
+(deny system-privilege (privilege-id PRIV_GLOBAL_PROC_INFO) (with no-report))
+
#include "Shared/Sandbox/preferences.sb"
#if PLATFORM(MAC)
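Review bot: The added `(allow system-privilege (with grant) ...)` block is the only rule in this commit that widens a profile, and it carries no comment saying why the network process needs `PRIV_NET_PRIVILEGED_SOCKET_DELEGATE`. A line such as `;; Socket delegation is needed by the network process only; the entitlement check keeps unentitled builds denied.` would let a later reviewer judge whether the grant is still required. The allow also appears to depend on being placed after the blanket `(deny system-privilege)`, if later rules take precedence as I understand this profile language. A short `;; Must stay below the blanket deny.` would guard against reordering. The identical block in the iOS com.apple.WebKit.Networking.sb hunk needs the same comments.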
Modified: branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb (283819 => 283820)
--- branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-10-08 19:10:51 UTC (rev 283819)
+++ branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.GPU.sb 2021-10-08 19:11:52 UTC (rev 283820)
@@ -24,8 +24,12 @@
(version 1)
(deny default (with partial-symbolication))
(deny nvram*)
+(deny system-privilege)
(allow system-audit file-read-metadata)
+;; Silence spurious logging due to rdar://20117923 and rdar://72366475
+(deny system-privilege (privilege-id PRIV_GLOBAL_PROC_INFO) (with no-report))
+
;;;
;;; The following rules were originally contained in 'common.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.
Modified: branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb (283819 => 283820)
--- branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-10-08 19:10:51 UTC (rev 283819)
+++ branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb 2021-10-08 19:11:52 UTC (rev 283820)
@@ -24,8 +24,17 @@
(version 1)
(deny default (with partial-symbolication))
(deny nvram*)
+(deny system-privilege)
(allow system-audit file-read-metadata)
+(allow system-privilege (with grant)
+ (require-all
+ (privilege-id PRIV_NET_PRIVILEGED_SOCKET_DELEGATE)
+ (require-entitlement "com.apple.private.network.socket-delegate")))
+
+;; Silence spurious logging due to rdar://20117923 and rdar://72366475
+(deny system-privilege (privilege-id PRIV_GLOBAL_PROC_INFO) (with no-report))
+
;;;
;;; The following rules were originally contained in 'common.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.
Modified: branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb (283819 => 283820)
--- branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb 2021-10-08 19:10:51 UTC (rev 283819)
+++ branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebAuthn.sb 2021-10-08 19:11:52 UTC (rev 283820)
@@ -24,7 +24,11 @@
(version 1)
(deny default (with partial-symbolication))
(deny nvram*)
+(deny system-privilege)
+;; Silence spurious logging due to rdar://20117923 and rdar://72366475
+(deny system-privilege (privilege-id PRIV_GLOBAL_PROC_INFO) (with no-report))
+
;;;
;;; The following rules were originally contained in 'common.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.
Modified: branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (283819 => 283820)
--- branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-10-08 19:10:51 UTC (rev 283819)
+++ branches/safari-613.1.4-branch/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in 2021-10-08 19:11:52 UTC (rev 283820)
@@ -24,8 +24,12 @@
(version 1)
(deny default (with partial-symbolication))
(deny nvram*)
+(deny system-privilege)
(allow system-audit file-read-metadata)
+;; Silence spurious logging due to rdar://20117923 and rdar://72366475
+(deny system-privilege (privilege-id PRIV_GLOBAL_PROC_INFO) (with no-report))
+
;;;
;;; The following rules were originally contained in 'common.sb'. We are duplicating them here so we can
;;; remove unneeded sandbox extensions.
Modified: branches/safari-613.1.4-branch/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in (283819 => 283820)
--- branches/safari-613.1.4-branch/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in 2021-10-08 19:10:51 UTC (rev 283819)
+++ branches/safari-613.1.4-branch/Source/WebKit/WebAuthnProcess/mac/com.apple.WebKit.WebAuthnProcess.sb.in 2021-10-08 19:11:52 UTC (rev 283820)
@@ -26,6 +26,9 @@
(deny nvram*)
(allow system-audit file-read-metadata)
+;; Silence spurious logging due to rdar://20117923 and rdar://72366475
+(deny system-privilege (privilege-id PRIV_GLOBAL_PROC_INFO) (with no-report))
+
#include "Shared/Sandbox/preferences.sb"
;;;
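Review bot: This hunk adds only the no-report rule for `PRIV_GLOBAL_PROC_INFO` and not the blanket `(deny system-privilege)` that every other profile in the commit gains right after `(deny nvram*)`, including the iOS WebAuthn.sb profile. The hunk starts at line 26, so the rule may exist above the visible context, but it is absent from the position the other profiles use. If the omission is deliberate, a comment such as `;; system-privilege is covered by (deny default); no explicit deny needed here.` would record that. Otherwise add `(deny system-privilege)` after `(deny nvram*)` so the macOS WebAuthn process matches the rest.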
Modified: branches/safari-613.1.4-branch/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (283819 => 283820)
--- branches/safari-613.1.4-branch/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-10-08 19:10:51 UTC (rev 283819)
+++ branches/safari-613.1.4-branch/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in 2021-10-08 19:11:52 UTC (rev 283820)
@@ -24,8 +24,12 @@
(version 1)
(deny default (with partial-symbolication))
(deny nvram*)
+(deny system-privilege)
(allow system-audit file-read-metadata)
+;; Silence spurious logging due to rdar://20117923 and rdar://72366475
+(deny system-privilege (privilege-id PRIV_GLOBAL_PROC_INFO) (with no-report))
+
#include "Shared/Sandbox/preferences.sb"
;;;