[webkit-changes] [283890] trunk/Source/WebKit

Mon, 11 Oct 2021 04:51:15 -0700

Title: [283890] trunk/Source/WebKit
Revision
283890
Author
[email protected]
Date
2021-10-11 04:50:26 -0700 (Mon, 11 Oct 2021)

Log Message

Block access in sandbox to capability which is allowed by default
https://bugs.webkit.org/show_bug.cgi?id=231079
<rdar://66586853>

Reviewed by Brent Fulgham.

Some capabilities are allowed by default, and needs to be explicitly denied in the sandbox.

* Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
* WebProcess/com.apple.WebProcess.sb.in:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (283889 => 283890)


--- trunk/Source/WebKit/ChangeLog	2021-10-11 11:05:39 UTC (rev 283889)
+++ trunk/Source/WebKit/ChangeLog	2021-10-11 11:50:26 UTC (rev 283890)
@@ -1,5 +1,18 @@
 2021-10-11  Per Arne Vollan <[email protected]>
 
+        Block access in sandbox to capability which is allowed by default
+        https://bugs.webkit.org/show_bug.cgi?id=231079
+        <rdar://66586853>
+
+        Reviewed by Brent Fulgham.
+
+        Some capabilities are allowed by default, and needs to be explicitly denied in the sandbox.
+
+        * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in:
+        * WebProcess/com.apple.WebProcess.sb.in:
+
+2021-10-11  Per Arne Vollan <[email protected]>
+
         [iOS] Add message filter in the WebContent process' sandbox
         https://bugs.webkit.org/show_bug.cgi?id=231046
         <rdar://problem/83743661>

Modified: trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in (283889 => 283890)


--- trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2021-10-11 11:05:39 UTC (rev 283889)
+++ trunk/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb.in	2021-10-11 11:50:26 UTC (rev 283890)
@@ -1574,3 +1574,5 @@
 (when (defined? 'darwin-notification-post)
     (allow darwin-notification-post (with telemetry))
 )
+
+(deny dynamic-code-generation)

Modified: trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in (283889 => 283890)


--- trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2021-10-11 11:05:39 UTC (rev 283889)
+++ trunk/Source/WebKit/WebProcess/com.apple.WebProcess.sb.in	2021-10-11 11:50:26 UTC (rev 283890)
@@ -2289,3 +2289,5 @@
     )
 )
 #endif
+
+(deny dynamic-code-generation)

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to