131942 2014-04-21 12:05:30 -0700 Check the com.apple.security.network.client entitlement for all processes 2014-04-21 12:11:01 -0700 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 andersca andersca oldest_to_newest 1002595 0 andersca 2014-04-21 12:05:30 -0700 Check the com.apple.security.network.client entitlement for all processes 1002597 1 229817 andersca 2014-04-21 12:06:15 -0700 Created attachment 229817 Patch 1002599 2 229817 mitz 2014-04-21 12:08:50 -0700 Comment on attachment 229817 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=229817&action=review > Source/WebKit2/Shared/EntryPointUtilities/mac/XPCService/XPCServiceEntryPoint.mm:59 > + // FIXME: Once we're 100% sure that a process won't access the network we can get rid of this requirement for all processes. This should say “can’t” instead of “won’t”. We can be sure of this when the sandbox of the process in question disallows network access. 1002603 3 andersca 2014-04-21 12:11:01 -0700 Committed r167603: <http://trac.webkit.org/changeset/167603> 229817 2014-04-21 12:06:15 -0700 2014-04-21 12:08:49 -0700 Patch bug-131942-20140421120558.patch text/plain 3969 andersca U3VidmVyc2lvbiBSZXZpc2lvbjogMTY3NTk5CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggOGNhNmJkMWI5NjZkMjY0 MDUwYjcyNzEyNWIwMDA4NWU5NDNmZjMzMC4uNGQzY2ViODMyMjA0ZDgyNzgyOGJlYTU2NWY1M2I0 MjJlZDRlNGU2YiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDE0LTA0LTIxICBBbmRl cnMgQ2FybHNzb24gIDxhbmRlcnNjYUBhcHBsZS5jb20+CisKKyAgICAgICAgQ2hlY2sgdGhlIGNv bS5hcHBsZS5zZWN1cml0eS5uZXR3b3JrLmNsaWVudCBlbnRpdGxlbWVudCBmb3IgYWxsIHByb2Nl c3NlcworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTMx OTQyCisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS8xMjM1NDE4OD4KKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIE5ldHdvcmtQcm9jZXNzL0VudHJ5UG9p bnQvbWFjL1hQQ1NlcnZpY2UvTmV0d29ya1NlcnZpY2VFbnRyeVBvaW50Lm1tOgorICAgICAgICAo V2ViS2l0OjpOZXR3b3JrU2VydmljZUluaXRpYWxpemVyRGVsZWdhdGU6Ok5ldHdvcmtTZXJ2aWNl SW5pdGlhbGl6ZXJEZWxlZ2F0ZSk6CisgICAgICAgICogU2hhcmVkL0VudHJ5UG9pbnRVdGlsaXRp ZXMvbWFjL1hQQ1NlcnZpY2UvWFBDU2VydmljZUVudHJ5UG9pbnQuaDoKKyAgICAgICAgKiBTaGFy ZWQvRW50cnlQb2ludFV0aWxpdGllcy9tYWMvWFBDU2VydmljZS9YUENTZXJ2aWNlRW50cnlQb2lu dC5tbToKKyAgICAgICAgKFdlYktpdDo6WFBDU2VydmljZUluaXRpYWxpemVyRGVsZWdhdGU6OmNo ZWNrRW50aXRsZW1lbnRzKToKKwogMjAxNC0wNC0yMCAgRGFuIEJlcm5zdGVpbiAgPG1pdHpAYXBw bGUuY29tPgogCiAgICAgICAgIFtDb2NvYV0gUmVtb3ZlIGludGVyZmFjZXMgaW4gdGhlIFRvIEJl IFJlbW92ZWQgZ3JvdXBzCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9OZXR3b3JrUHJvY2Vz cy9FbnRyeVBvaW50L21hYy9YUENTZXJ2aWNlL05ldHdvcmtTZXJ2aWNlRW50cnlQb2ludC5tbSBi L1NvdXJjZS9XZWJLaXQyL05ldHdvcmtQcm9jZXNzL0VudHJ5UG9pbnQvbWFjL1hQQ1NlcnZpY2Uv TmV0d29ya1NlcnZpY2VFbnRyeVBvaW50Lm1tCmluZGV4IGY1MjI4NTE3M2Q2YTRmNDRkYzNjZWIw OWY1NjJlOWJmNDMwNDI5ZGYuLmRhYTk3NjJiOWU2OGRkMzUzZDNhODVlNTdjZmJhMzEwODY0NWJk YmMgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL05ldHdvcmtQcm9jZXNzL0VudHJ5UG9pbnQv bWFjL1hQQ1NlcnZpY2UvTmV0d29ya1NlcnZpY2VFbnRyeVBvaW50Lm1tCisrKyBiL1NvdXJjZS9X ZWJLaXQyL05ldHdvcmtQcm9jZXNzL0VudHJ5UG9pbnQvbWFjL1hQQ1NlcnZpY2UvTmV0d29ya1Nl cnZpY2VFbnRyeVBvaW50Lm1tCkBAIC0zOCwyMiArMzgsNiBAQCBwdWJsaWM6CiAgICAgICAgIDog WFBDU2VydmljZUluaXRpYWxpemVyRGVsZWdhdGUoY29ubmVjdGlvbiwgaW5pdGlhbGl6ZXJNZXNz YWdlKQogICAgIHsKICAgICB9Ci0KLSNpZiBQTEFURk9STShNQUMpCi0gICAgdmlydHVhbCBib29s IGNoZWNrRW50aXRsZW1lbnRzKCkgb3ZlcnJpZGUKLSAgICB7Ci0gICAgICAgIGlmICghaXNDbGll bnRTYW5kYm94ZWQoKSkKLSAgICAgICAgICAgIHJldHVybiB0cnVlOwotCi0gICAgICAgIGlmICgh aGFzRW50aXRsZW1lbnQoImNvbS5hcHBsZS5zZWN1cml0eS5uZXR3b3JrLmNsaWVudCIpKSB7Ci0g ICAgICAgICAgICBOU0xvZyhAIkFwcGxpY2F0aW9uIGRvZXMgbm90IGhhdmUgdGhlICdjb20uYXBw bGUuc2VjdXJpdHkubmV0d29yay5jbGllbnQnIGVudGl0bGVtZW50LiIpOwotICAgICAgICAgICAg cmV0dXJuIGZhbHNlOwotICAgICAgICB9Ci0KLSAgICAgICAgcmV0dXJuIHRydWU7Ci0gICAgfQot I2VuZGlmCi0KIH07CiAKIH0gLy8gbmFtZXNwYWNlIFdlYktpdApkaWZmIC0tZ2l0IGEvU291cmNl L1dlYktpdDIvU2hhcmVkL0VudHJ5UG9pbnRVdGlsaXRpZXMvbWFjL1hQQ1NlcnZpY2UvWFBDU2Vy dmljZUVudHJ5UG9pbnQuaCBiL1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9FbnRyeVBvaW50VXRpbGl0 aWVzL21hYy9YUENTZXJ2aWNlL1hQQ1NlcnZpY2VFbnRyeVBvaW50LmgKaW5kZXggNzNmZDY3MWY0 YTJjMzFkYzVkOGRjNjYwNTUwOGNhYmZhNmEzZGYyOC4uM2NhMzlkZDBlN2E4YjUwZmEyNWIwYTIx MzlkNGNmZDI0YTc0NDIwZCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvU2hhcmVkL0VudHJ5 UG9pbnRVdGlsaXRpZXMvbWFjL1hQQ1NlcnZpY2UvWFBDU2VydmljZUVudHJ5UG9pbnQuaAorKysg Yi9Tb3VyY2UvV2ViS2l0Mi9TaGFyZWQvRW50cnlQb2ludFV0aWxpdGllcy9tYWMvWFBDU2Vydmlj ZS9YUENTZXJ2aWNlRW50cnlQb2ludC5oCkBAIC00Miw3ICs0MiwxMCBAQCBwdWJsaWM6CiAKICAg ICB2aXJ0dWFsIH5YUENTZXJ2aWNlSW5pdGlhbGl6ZXJEZWxlZ2F0ZSgpOwogCisjaWYgUExBVEZP Uk0oTUFDKQogICAgIHZpcnR1YWwgYm9vbCBjaGVja0VudGl0bGVtZW50cygpOworI2VuZGlmCisK ICAgICB2aXJ0dWFsIGJvb2wgZ2V0Q29ubmVjdGlvbklkZW50aWZpZXIoSVBDOjpDb25uZWN0aW9u OjpJZGVudGlmaWVyJiBpZGVudGlmaWVyKTsKICAgICB2aXJ0dWFsIGJvb2wgZ2V0Q2xpZW50SWRl bnRpZmllcihTdHJpbmcmIGNsaWVudElkZW50aWZpZXIpOwogICAgIHZpcnR1YWwgYm9vbCBnZXRD bGllbnRQcm9jZXNzTmFtZShTdHJpbmcmIGNsaWVudFByb2Nlc3NOYW1lKTsKZGlmZiAtLWdpdCBh L1NvdXJjZS9XZWJLaXQyL1NoYXJlZC9FbnRyeVBvaW50VXRpbGl0aWVzL21hYy9YUENTZXJ2aWNl L1hQQ1NlcnZpY2VFbnRyeVBvaW50Lm1tIGIvU291cmNlL1dlYktpdDIvU2hhcmVkL0VudHJ5UG9p bnRVdGlsaXRpZXMvbWFjL1hQQ1NlcnZpY2UvWFBDU2VydmljZUVudHJ5UG9pbnQubW0KaW5kZXgg ZDQ4ZjgwMTg4NTgyZGQzZDI2ZDIzMjk5YzlhNTNmNjBiNTY5ZWU4Mi4uNTE5NzkzZDc4NTc4Y2Jk M2U1NmJjYzAyMzRjMjVhOGRiN2Q1ODFiYiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvU2hh cmVkL0VudHJ5UG9pbnRVdGlsaXRpZXMvbWFjL1hQQ1NlcnZpY2UvWFBDU2VydmljZUVudHJ5UG9p bnQubW0KKysrIGIvU291cmNlL1dlYktpdDIvU2hhcmVkL0VudHJ5UG9pbnRVdGlsaXRpZXMvbWFj L1hQQ1NlcnZpY2UvWFBDU2VydmljZUVudHJ5UG9pbnQubW0KQEAgLTUwLDkgKzUwLDIwIEBAIFhQ Q1NlcnZpY2VJbml0aWFsaXplckRlbGVnYXRlOjp+WFBDU2VydmljZUluaXRpYWxpemVyRGVsZWdh dGUoKQogewogfQogCisjaWYgUExBVEZPUk0oTUFDKQogYm9vbCBYUENTZXJ2aWNlSW5pdGlhbGl6 ZXJEZWxlZ2F0ZTo6Y2hlY2tFbnRpdGxlbWVudHMoKQogeworICAgIGlmICghaXNDbGllbnRTYW5k Ym94ZWQoKSkKKyAgICAgICAgcmV0dXJuIHRydWU7CisKKyAgICAvLyBGSVhNRTogT25jZSB3ZSdy ZSAxMDAlIHN1cmUgdGhhdCBhIHByb2Nlc3Mgd29uJ3QgYWNjZXNzIHRoZSBuZXR3b3JrIHdlIGNh biBnZXQgcmlkIG9mIHRoaXMgcmVxdWlyZW1lbnQgZm9yIGFsbCBwcm9jZXNzZXMuCisgICAgaWYg KCFoYXNFbnRpdGxlbWVudCgiY29tLmFwcGxlLnNlY3VyaXR5Lm5ldHdvcmsuY2xpZW50IikpIHsK KyAgICAgICAgTlNMb2coQCJBcHBsaWNhdGlvbiBkb2VzIG5vdCBoYXZlIHRoZSAnY29tLmFwcGxl LnNlY3VyaXR5Lm5ldHdvcmsuY2xpZW50JyBlbnRpdGxlbWVudC4iKTsKKyAgICAgICAgcmV0dXJu IGZhbHNlOworICAgIH0KKwogICAgIHJldHVybiB0cnVlOworI2VuZGlmCiB9CiAKIGJvb2wgWFBD U2VydmljZUluaXRpYWxpemVyRGVsZWdhdGU6OmdldENvbm5lY3Rpb25JZGVudGlmaWVyKElQQzo6 Q29ubmVjdGlvbjo6SWRlbnRpZmllciYgaWRlbnRpZmllcikK