WebKit Bugzilla
Attachment 341034 Details for
Bug 185890
: Close access to "lsopen" for non-UI process
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-185890-20180522145633.patch (text/plain), 2.69 KB, created by
Brent Fulgham
on 2018-05-22 14:56:34 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Brent Fulgham
Created:
2018-05-22 14:56:34 PDT
Size:
2.69 KB
patch
obsolete
>Subversion Revision: 231977 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index f910418941a94954fb10cfd335603cd4197e5465..21b2aeced59a756ee152bba9eabff32141df48d4 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,18 @@ >+2018-05-22 Brent Fulgham <bfulgham@apple.com> >+ >+ Close access to "lsopen" for non-UI process >+ https://bugs.webkit.org/show_bug.cgi?id=185890 >+ <rdar://problem/39686511> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Close down access to 'lsopen' in the iOS sandboxes. These operations are >+ performed by the UIProcess on behalf of these helper processes. >+ >+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb: >+ * Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb: >+ * Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb: >+ > 2018-05-18 Antoine Quint <graouts@apple.com> > > [Web Animations] Turn Web Animations with CSS integration on for test runners >diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb >index 04d7188e41f32dcfa0b1d0d93afcae2fa3ddf30f..043d00d73539eba850c35d1fb8f2c54f34dc797e 100644 >--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb >+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb >@@ -29,6 +29,8 @@ > > (import "common.sb") > >+(deny lsopen) >+ > (deny sysctl*) > (allow sysctl-read > (sysctl-name >diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb >index ebe4953eeb2d3a5973a418cc5396873540a901ac..e89d757e4a18f5aedea9134edbb70be6b39fbd4d 100644 >--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb >+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Storage.sb >@@ -29,6 +29,8 @@ > > (import "common.sb") > >+(deny lsopen) >+ > (allow file-read* file-write* (extension "com.apple.app-sandbox.read-write")) > > (deny sysctl*) >diff --git a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb >index 7e655426c796b7dae6624416c44576c9479ef427..3adc102d2ba3449a8389cf9d75613e2b65106f16 100644 >--- a/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb >+++ b/Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.WebContent.sb >@@ -29,6 +29,8 @@ > > (import "common.sb") > >+(deny lsopen) >+ > ;;; > ;;; The following rules were originally contained in 'UIKit-apps.sb'. We are duplicating them here so we can > ;;; remove unneeded sandbox extensions.
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=341034">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 185890
: 341034