Title: [148917] trunk/Source/WebKit2
- Revision
- 148917
- Author
- [email protected]
- Date
- 2013-04-22 15:21:24 -0700 (Mon, 22 Apr 2013)
Log Message
<rdar://problem/13334446> [Mac] Tweak sandbox profiles.
Reviewed by Anders Carlsson.
Unbreak Lion, which doesn't provide detailed control over IPC.
* WebProcess/com.apple.WebProcess.sb.in:
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (148916 => 148917)
--- trunk/Source/WebKit2/ChangeLog 2013-04-22 22:15:37 UTC (rev 148916)
+++ trunk/Source/WebKit2/ChangeLog 2013-04-22 22:21:24 UTC (rev 148917)
@@ -1,3 +1,13 @@
+2013-04-22 Alexey Proskuryakov <[email protected]>
+
+ <rdar://problem/13334446> [Mac] Tweak sandbox profiles.
+
+ Reviewed by Anders Carlsson.
+
+ Unbreak Lion, which doesn't provide detailed control over IPC.
+
+ * WebProcess/com.apple.WebProcess.sb.in:
+
2013-04-22 Martin Robinson <[email protected]>
[GTK] Enable introspection always for developer builds
Modified: trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in (148916 => 148917)
--- trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2013-04-22 22:15:37 UTC (rev 148916)
+++ trunk/Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in 2013-04-22 22:21:24 UTC (rev 148917)
@@ -1,6 +1,9 @@
(version 1)
(deny default (with partial-symbolication))
(allow system-audit file-read-metadata)
+#if __MAC_OS_X_VERSION_MIN_REQUIRED == 1070
+(allow ipc-posix-shm)
+#endif
(import "system.sb")
@@ -136,6 +139,8 @@
(iokit-user-client-class "IOAudioControlUserClient")
(iokit-user-client-class "IOAudioEngineUserClient"))
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
+
;; cookied.
;; FIXME: Update for <rdar://problem/13642852>.
(allow ipc-posix-shm-read-data
@@ -163,6 +168,8 @@
(allow ipc-posix-shm-read* ipc-posix-shm-write-data
(ipc-posix-name-regex #"^AudioIO"))
+#endif
+
;; Various services required by AppKit and other frameworks
(allow mach-lookup
(global-name "com.apple.DiskArbitration.diskarbitrationd")
@@ -206,8 +213,10 @@
(home-literal "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain")
(home-literal "/Library/Preferences/com.apple.security.plist")
(home-literal "/Library/Preferences/com.apple.security.revocation.plist"))
+#if __MAC_OS_X_VERSION_MIN_REQUIRED >= 1080
(allow ipc-posix-shm-read* ipc-posix-shm-write-data
(ipc-posix-name "com.apple.AppleDatabaseChanged"))
+#endif
;; CoreFoundation. We don't import com.apple.corefoundation.sb, because it allows unnecessary access to pasteboard.
(allow mach-lookup
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
