WebKit Bugzilla
Attachment 341809 Details for Bug 186110: Add a sandbox profile for com.cisco.webex.plugin.gpc64 plugin
[patch] Patch for landing
bug-186110-20180601170215.patch (text/plain), 10.61 KB, created by youenn fablet on 2018-06-01 17:02:26 PDT
>Subversion Revision: 232334 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 2eead6d5cd9b02594db6aa0f785f1cd4e2edac55..c3ba6e523e3fc156346e0fd630c3a58e5614a5d6 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,14 @@ >+2018-06-01 Youenn Fablet <youenn@apple.com> >+ >+ Add a sandbox profile for com.cisco.webex.plugin.gpc64 plugin >+ https://bugs.webkit.org/show_bug.cgi?id=186110 >+ >+ Reviewed by Brent Fulgham. >+ >+ * PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in: Webex needs to create some symlinks. >+ * Resources/PlugInSandboxProfiles/com.cisco.webex.plugin.gpc64.sb: Added. >+ * WebKit.xcodeproj/project.pbxproj: >+ > 2018-06-01 Youenn Fablet <youenn@apple.com> > > Add an option to restrict communication to localhost sockets >diff --git a/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in b/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in >index 8ca9ff8d8561460b4dc29a20bd772a4af6775a60..e893fef9f4f83aefb5d6ff73bc5c1ef169f7ff3b 100644 >--- a/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in >+++ b/Source/WebKit/PluginProcess/mac/com.apple.WebKit.plugin-common.sb.in >@@ -528,9 +528,10 @@ > ((original-%finalize %finalize) > (webkit-%finalize > (lambda () >- (if (defined? 'vnode-type) >- (deny file-write-create >- (vnode-type SYMLINK))) >+ (if (not (defined? 'allow-symlinks)) >+ (if (defined? 'vnode-type) >+ (deny file-write-create >+ (vnode-type SYMLINK)))) > ;; Reserve a namespace for additional protected extended attributes. > (deny file-read-xattr file-write-xattr (xattr #"^com\.apple\.security\.private\.")) > ;; FIXME: Should be removed once <rdar://problem/16329087> is fixed. 
>diff --git a/Source/WebKit/Resources/PlugInSandboxProfiles/com.cisco.webex.plugin.gpc64.sb b/Source/WebKit/Resources/PlugInSandboxProfiles/com.cisco.webex.plugin.gpc64.sb >new file mode 100644 >index 0000000000000000000000000000000000000000..ca6cf8358fac8adcf8dcbdd3a454990a850739d7 >--- /dev/null >+++ b/Source/WebKit/Resources/PlugInSandboxProfiles/com.cisco.webex.plugin.gpc64.sb 
>@@ -0,0 +1,83 @@ >+; Copyright (C) 2018 Apple Inc. All rights reserved. >+; >+; Redistribution and use in source and binary forms, with or without >+; modification, are permitted provided that the following conditions >+; are met: >+; 1. Redistributions of source code must retain the above copyright >+; notice, this list of conditions and the following disclaimer. >+; 2. Redistributions in binary form must reproduce the above copyright >+; notice, this list of conditions and the following disclaimer in the >+; documentation and/or other materials provided with the distribution. >+; >+; THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' >+; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, >+; THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR >+; PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS >+; BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR >+; CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF >+; SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS >+; INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN >+; CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) >+; ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF >+; THE POSSIBILITY OF SUCH DAMAGE. 
>+ >+(define allow-symlinks #t) >+ >+(define (home-subpath home-relative-subpath) >+ (subpath (string-append (param "HOME_DIR") home-relative-subpath))) >+(define (home-literal home-relative-literal) >+ (literal (string-append (param "HOME_DIR") home-relative-literal))) >+ >+(allow file-read* file-write* >+ (home-literal "/Library/Preferences/com.cisco.webex.fuzzyWindowConfig.plist")) >+ >+(allow file-read* file-write* >+ (home-literal "/Library/Preferences/com.webex.meetingmanager.plist")) >+ >+(allow file-read* file-write* file-write-create >+ (home-subpath "/Library/Application Support/WebEx Folder")) >+ >+;; FIXME: We should tigthen the sandbox to some tmp subfolders >+(allow file* >+ (prefix "/private/tmp")) >+ >+(allow file-read-data file-write-data >+ (path "/dev/tty")) >+ >+(allow process-exec) >+(allow process-fork) >+(allow distributed-notification-post) >+ >+(allow mach-lookup >+ (global-name "com.apple.PerformanceAnalysis.animationperfd") >+ (global-name "com.apple.dock.fullscreen") >+ (global-name "com.apple.quicklook.ui.helper.active") >+ (global-name "com.apple.quicklook.ui.helper") >+ (global-name "com.apple.inputmethodkit.launchagent") >+ (global-name "com.apple.inputmethodkit.launcher") >+ (global-name "com.apple.inputmethodkit.getxpcendpoint")) >+ >+(allow iokit-get-properties >+ (iokit-property "PowerControlSupported") >+ (iokit-property "SupportTapToWake") >+ (iokit-property "ResetOnLockMs") >+ (iokit-property "ResetOnUnlockMs") >+ (iokit-property "ShouldResetOnButton") >+ (iokit-property "WirelessChargingNotificationSupported") >+ (iokit-property "SupportsSilentClick") >+ (iokit-property "MinDigitizerPressureValue") >+ (iokit-property "AccurateMaxDigitizerPressureValue") >+ (iokit-property "ExtendedMaxDigitizerPressureValue") >+ (iokit-property "AnimationThresholds") >+ (iokit-property "ActivationThresholds") >+ (iokit-property "mt-device-id")) >+ >+(webkit-powerbox) >+(webkit-printing) >+(webkit-camera) >+(webkit-microphone) >+ >+(allow 
network-bind (local ip)) >+ >+(allow network-outbound) >+(allow network-inbound (local ip)) >diff --git a/Source/WebKit/WebKit.xcodeproj/project.pbxproj b/Source/WebKit/WebKit.xcodeproj/project.pbxproj >index b519ff6691881670cc43c8ee91657121a831d739..5553c5a0f286fbeec4a4c7aa5a6b0c2706efe2ad 100644 >--- a/Source/WebKit/WebKit.xcodeproj/project.pbxproj >+++ b/Source/WebKit/WebKit.xcodeproj/project.pbxproj >@@ -928,6 +928,8 @@ > 4131F3D11F96BCCC0059995A /* ServiceWorkerClientFetch.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4131F3D01F96BCC80059995A /* ServiceWorkerClientFetch.cpp */; }; > 4131F3E21F9880840059995A /* WebServiceWorkerFetchTaskClient.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4131F3E01F98712C0059995A /* WebServiceWorkerFetchTaskClient.cpp */; }; > 4135FBD11F4FB8090074C47B /* CacheStorageEngineCaches.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4135FBCF1F4FB7F20074C47B /* CacheStorageEngineCaches.cpp */; }; >+ 414DD37920BF43F5006959FB /* com.cisco.webex.plugin.gpc64.sb in Resources */ = {isa = PBXBuildFile; fileRef = 414DD37820BF43EA006959FB /* com.cisco.webex.plugin.gpc64.sb */; }; >+ 414DD37A20BF49A5006959FB /* com.cisco.webex.plugin.gpc64.sb in Copy Plug-in Sandbox Profiles */ = {isa = PBXBuildFile; fileRef = 414DD37820BF43EA006959FB /* com.cisco.webex.plugin.gpc64.sb */; }; > 414DEDD71F9EDDE50047C40D /* ServiceWorkerProcessProxy.h in Headers */ = {isa = PBXBuildFile; fileRef = 414DEDD51F9EDDDF0047C40D /* ServiceWorkerProcessProxy.h */; }; > 414DEDD81F9EDDE50047C40D /* ServiceWorkerProcessProxy.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 414DEDD61F9EDDE00047C40D /* ServiceWorkerProcessProxy.cpp */; }; > 41897ECF1F415D620016FA42 /* WebCacheStorageConnection.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 41897ECE1F415D5C0016FA42 /* WebCacheStorageConnection.cpp */; }; 
>@@ -2333,6 +2335,7 @@ > 7CB16FEF1724BA23007A0A95 /* com.apple.ist.ds.appleconnect.webplugin.sb in Copy Plug-in Sandbox Profiles */, > 7CB16FF01724BA24007A0A95 /* com.apple.QuickTime Plugin.plugin.sb in Copy Plug-in Sandbox Profiles */, > 7A772C8D1DDD4A25000F34F1 /* com.apple.WebKit.plugin-common.sb in Copy Plug-in Sandbox Profiles */, >+ 414DD37A20BF49A5006959FB /* com.cisco.webex.plugin.gpc64.sb in Copy Plug-in Sandbox Profiles */, > A102A7081EC0EEE900D81D82 /* com.macromedia.Flash Player ESR.plugin.sb in Copy Plug-in Sandbox Profiles */, > 7CB16FF21724BA28007A0A95 /* com.macromedia.Flash Player.plugin.sb in Copy Plug-in Sandbox Profiles */, > 7CB16FF31724BA2F007A0A95 /* com.microsoft.SilverlightPlugin.sb in Copy Plug-in Sandbox Profiles */, 
>@@ -3314,6 +3317,7 @@ > 4131F3E01F98712C0059995A /* WebServiceWorkerFetchTaskClient.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WebServiceWorkerFetchTaskClient.cpp; sourceTree = "<group>"; }; > 4135FBCF1F4FB7F20074C47B /* CacheStorageEngineCaches.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CacheStorageEngineCaches.cpp; sourceTree = "<group>"; }; > 4135FBD01F4FB7F20074C47B /* CacheStorageEngineCaches.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CacheStorageEngineCaches.h; sourceTree = "<group>"; }; >+ 414DD37820BF43EA006959FB /* com.cisco.webex.plugin.gpc64.sb */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = com.cisco.webex.plugin.gpc64.sb; sourceTree = "<group>"; }; > 414DEDD51F9EDDDF0047C40D /* ServiceWorkerProcessProxy.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = ServiceWorkerProcessProxy.h; sourceTree = "<group>"; }; > 414DEDD61F9EDDE00047C40D /* ServiceWorkerProcessProxy.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = ServiceWorkerProcessProxy.cpp; sourceTree = "<group>"; }; > 4151E5C31FBB90A900E47E2D /* FormDataReference.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = FormDataReference.h; sourceTree = "<group>"; }; 
>@@ -6927,6 +6931,7 @@ > E19BDA8419365F4B00B97F57 /* com.apple.appstore.CodeRedeemerNetscapePlugin.sb */, > 7CB16FE21724B9B5007A0A95 /* com.apple.ist.ds.appleconnect.webplugin.sb */, > 7CB16FE31724B9B5007A0A95 /* com.apple.QuickTime Plugin.plugin.sb */, >+ 414DD37820BF43EA006959FB /* com.cisco.webex.plugin.gpc64.sb */, > 7A5E39491D5BD8A700B4B7CE /* com.macromedia.Flash Player ESR.plugin.sb */, > 7CB16FE51724B9B5007A0A95 /* com.macromedia.Flash Player.plugin.sb */, > 7CB16FE61724B9B5007A0A95 /* com.microsoft.SilverlightPlugin.sb */, >@@ -10081,6 +10086,7 @@ > E17AE2C316B9C63A001C42F1 /* com.apple.WebKit.NetworkProcess.sb in Resources */, > E115C716190F8A2500ECC516 /* com.apple.WebKit.Storage.sb in Resources */, > E11D35AE16B63D1B006D23D7 /* com.apple.WebProcess.sb in Resources */, >+ 414DD37920BF43F5006959FB /* com.cisco.webex.plugin.gpc64.sb in Resources */, > 6BE969C11E54D452008B7483 /* corePrediction_model in Resources */, > 8DC2EF530486A6940098B216 /* InfoPlist.strings in Resources */, > 3FB08E431F60B240005E5312 /* iOS.xcassets in Resources */,
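Review bot: In the webkit-%finalize lambda of com.apple.WebKit.plugin-common.sb.in, the new guard `(if (not (defined? 'allow-symlinks))` tests only whether the symbol exists, so a profile that writes `(define allow-symlinks #f)` would still lose the `(deny file-write-create (vnode-type SYMLINK))` rule. Consider checking the value as well, for example `(and (defined? 'allow-symlinks) allow-symlinks)`, and add a comment beside the guard saying that a plug-in profile opts out of the symlink deny by defining allow-symlinks, since nothing in the common profile documents the flag.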
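Review bot: In the new com.cisco.webex.plugin.gpc64.sb, `(allow file* (prefix "/private/tmp"))` grants every file operation across the shared temp tree in the same profile that sets `(define allow-symlinks #t)`, so the plug-in may create symlinks in a location other processes also use. The FIXME above the rule already says this should be tightened; please narrow it to the tmp subfolders Webex actually needs before landing, or reference a tracking bug in the comment (which also has a typo, "tigthen"). The bare `(allow process-exec)`, `(allow process-fork)` and `(allow network-outbound)` rules carry no filter either, so a short comment on why each is required, or a path filter on process-exec, would make the grant easier to audit later.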