WebKit Bugzilla
Attachment 343298 Details for
Bug 186904
: Rollout macOS sandbox change in r232276
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
0001-Rollout-macOS-sandbox-change-in-r232276.patch (text/plain), 3.39 KB, created by
Jiewen Tan
on 2018-06-21 17:55:51 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Jiewen Tan
Created:
2018-06-21 17:55:51 PDT
Size:
3.39 KB
patch
obsolete
>From ada3e71841d8095e0c37726c27aa5a20e56a4a4f Mon Sep 17 00:00:00 2001 >From: "jiewen_tan@apple.com" > <jiewen_tan@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> >Date: Tue, 19 Jun 2018 22:22:14 +0000 >Subject: [PATCH] Rollout macOS sandbox change in r232276 > https://bugs.webkit.org/show_bug.cgi?id=186904 <rdar://problem/41350969> > >Reviewed by NOBODY (OOPS!). > >* NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in: >--- > Source/WebKit/ChangeLog | 10 ++++++++++ > .../mac/com.apple.WebKit.NetworkProcess.sb.in | 14 +++++++++----- > 2 files changed, 19 insertions(+), 5 deletions(-) > >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 3c7cf3969f3..842bb03c0a9 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,13 @@ >+2018-06-21 Jiewen Tan <jiewen_tan@apple.com> >+ >+ Rollout macOS sandbox change in r232276 >+ https://bugs.webkit.org/show_bug.cgi?id=186904 >+ <rdar://problem/41350969> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in: >+ > 2018-06-18 Jiewen Tan <jiewen_tan@apple.com> > > Make SecItemShim to not send return value for SecItemAdd >diff --git a/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in b/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in >index e7e93a3c3f0..6a36015ce21 100644 >--- a/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in >+++ b/Source/WebKit/NetworkProcess/mac/com.apple.WebKit.NetworkProcess.sb.in >@@ -161,15 +161,12 @@ > > ;; Security framework > (allow mach-lookup >-#if !HAVE(SEC_KEY_PROXY) > (global-name "com.apple.ctkd.token-client") > (global-name "com.apple.securityd.xpc") > (global-name "com.apple.CoreAuthentication.agent.libxpc") >-#endif > (global-name "com.apple.ocspd") > (global-name "com.apple.SecurityServer")) > >-#if !HAVE(SEC_KEY_PROXY) > ;; FIXME: This should be removed when <rdar://problem/10479685> is fixed. > ;; Restrict AppSandboxed processes from creating /Library/Keychains, but allow access to the contents of /Library/Keychains: > (allow file-read-data file-read-metadata file-write* >@@ -180,7 +177,6 @@ > (deny file-read* file-write* > (regex (string-append "/Library/Keychains/" (uuid-regex-string) "(/|$)")) > (home-regex (string-append "/Library/Keychains/" (uuid-regex-string) "(/|$)"))) >-#endif > > (allow file-read* file-write* (subpath "/private/var/db/mds/system")) ;; FIXME: This should be removed when <rdar://problem/9538414> is fixed. > >@@ -193,7 +189,15 @@ > > (allow file-read* > (subpath "/private/var/db/mds") >- (literal "/private/var/db/DetachedSignatures")) >+ (literal "/private/var/db/DetachedSignatures") >+ >+ ; The following are needed until <rdar://problem/11134688> is resolved. >+ (literal "/Library/Preferences/com.apple.security.plist") >+ (literal "/Library/Preferences/com.apple.security.common.plist") >+ (literal "/Library/Preferences/com.apple.security.revocation.plist") >+ (home-literal "/Library/Application Support/SyncServices/Local/ClientsWithChanges/com.apple.Keychain") >+ (home-literal "/Library/Preferences/com.apple.security.plist") >+ (home-literal "/Library/Preferences/com.apple.security.revocation.plist")) > > (allow ipc-posix-shm-read* ipc-posix-shm-write-data > (ipc-posix-name "com.apple.AppleDatabaseChanged")) >-- >2.17.0 (Apple Git-105) >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=343298">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
bfulgham
:
review+
ews-watchlist
:
commit-queue-
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 186904
: 343298 |
343447