Title: [148904] trunk/Source/WebKit2
- Revision
- 148904
- Author
- [email protected]
- Date
- 2013-04-22 12:54:53 -0700 (Mon, 22 Apr 2013)
Log Message
<rdar://problem/13681842> [Mac] Tweak WebProcess sandbox profile to use
system-graphics function when available.
Reviewed by Sam Weinig.
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (148903 => 148904)
--- trunk/Source/WebKit2/ChangeLog 2013-04-22 19:52:09 UTC (rev 148903)
+++ trunk/Source/WebKit2/ChangeLog 2013-04-22 19:54:53 UTC (rev 148904)
@@ -1,3 +1,12 @@
+2013-04-22 Alexey Proskuryakov <[email protected]>
+
+ <rdar://problem/13681842> [Mac] Tweak WebProcess sandbox profile to use
+ system-graphics function when available.
+
+ Reviewed by Sam Weinig.
+
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2013-04-22 Zan Dobersek <[email protected]>
[GTK] Set up libPlatform.la
Modified: trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in (148903 => 148904)
--- trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2013-04-22 19:52:09 UTC (rev 148903)
+++ trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2013-04-22 19:54:53 UTC (rev 148904)
@@ -36,6 +36,19 @@
(require-all (socket-domain AF_SYSTEM)
(socket-protocol 2)) ; SYSPROTO_CONTROL
(socket-domain AF_ROUTE)))
+
+;; Low level graphics. Defined in system.sb on newer OS versions.
+(define (system-graphics)
+ (allow mach-lookup (global-name "com.apple.cvmsServ"))
+ (allow iokit-open
+ (iokit-connection "IOAccelerator")
+ (iokit-user-client-class "IOAccelerationUserClient")
+ (iokit-user-client-class "IOSurfaceRootUserClient")
+ (iokit-user-client-class "IOSurfaceSendRight")
+ (iokit-user-client-class "IOFramebufferSharedUserClient")
+ (iokit-user-client-class "AppleSNBFBUserClient")
+ (iokit-user-client-class "AGPMClient")
+ (iokit-user-client-class "AppleGraphicsControlClient")))
#endif
;; Read-only preferences and data
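Review bot: The comment above the fallback `(define (system-graphics) ...)` does not say which OS versions use this local copy, and the `#if` matching the `#endif` after the definition is outside the hunk. The fallback grants the same `IOAccelerator` connection, the same eight user-client classes and the same `com.apple.cvmsServ` lookup that the later hunks remove, so older systems should see no change in exposure. I would record that in the comment so the list is not widened later by accident, for example `;; Fallback for OS versions whose system.sb lacks system-graphics. Mirrors the rules WebProcess allowed before; do not add entries here without a sandbox review.`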
@@ -117,17 +130,9 @@
;; IOKit user clients
(allow iokit-open
- (iokit-connection "IOAccelerator")
- (iokit-user-client-class "IOAccelerationUserClient")
- (iokit-user-client-class "IOFramebufferSharedUserClient")
- (iokit-user-client-class "AppleGraphicsControlClient")
- (iokit-user-client-class "AppleSNBFBUserClient")
(iokit-user-client-class "AppleUpstreamUserClient")
- (iokit-user-client-class "AGPMClient")
(iokit-user-client-class "IOHIDParamUserClient")
(iokit-user-client-class "RootDomainUserClient")
- (iokit-user-client-class "IOSurfaceRootUserClient")
- (iokit-user-client-class "IOSurfaceSendRight")
(iokit-user-client-class "IOAudioControlUserClient")
(iokit-user-client-class "IOAudioEngineUserClient"))
@@ -143,7 +148,6 @@
(global-name "com.apple.audio.audiohald")
(global-name "com.apple.audio.coreaudiod")
(global-name "com.apple.cookied")
- (global-name "com.apple.cvmsServ")
(global-name "com.apple.dock.server")
(global-name "com.apple.system.opendirectoryd.api")
(global-name "com.apple.tccd")
@@ -183,6 +187,9 @@
(allow file-read-data
(literal "/dev/autofs_nowait")) ; Used by CF to circumvent automount triggers
+;; Graphics
+(system-graphics)
+
;; Networking
(system-network)
(allow network-outbound
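Review bot: On OS versions where system.sb provides `system-graphics`, the `(system-graphics)` call added here means the graphics-related IOKit user clients and mach services open to WebProcess are no longer listed in this profile. That set is presumably maintained with the OS and may differ from the entries this commit removes, so reading this file alone no longer gives the full kernel-driver surface reachable from the web content process. The `;; Graphics` comment should say so, e.g. `;; Graphics. On newer OS versions these rules come from system.sb; check that profile when auditing IOKit and mach-lookup exposure.` The `(allow network-outbound` form at the end of the hunk continues outside it.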