144315 2015-04-27 23:04:22 -0700 [WK2][Mac] Update WebContent process' sandbox profile for AWD 2015-04-28 09:40:34 -0700 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 cdumez cdumez ap oldest_to_newest 1089414 0 cdumez 2015-04-27 23:04:22 -0700 Update sandbox profile for AWD similarly to what was done for iOS in <http://trac.webkit.org/changeset/182278>. Radar: <rdar://problem/20719293> 1089415 1 251826 cdumez 2015-04-27 23:05:57 -0700 Created attachment 251826 Patch 1089419 2 251826 ap 2015-04-27 23:36:44 -0700 Comment on attachment 251826 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=251826&action=review > Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in:310 > +(allow mach-lookup > + (global-name "com.apple.awdd")) Why is this OK to do? Let's discuss offline, we should not allow anything in the sandbox profile without extreme caution and long deliberation. Also, why WebContent only, what does it even have to do with awd? 1089423 3 cdumez 2015-04-27 23:42:03 -0700 (In reply to comment #2) > Comment on attachment 251826 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=251826&action=review > > > Source/WebKit2/WebProcess/com.apple.WebProcess.sb.in:310 > > +(allow mach-lookup > > + (global-name "com.apple.awdd")) > > Why is this OK to do? > > Let's discuss offline, we should not allow anything in the sandbox profile > without extreme caution and long deliberation. > > Also, why WebContent only, what does it even have to do with awd? Please see comment on radar as to why we need this for the web content process only. Also you already approved this change for iOS, why is this an issue for Mac specifically? I use the same code on Mac and iOS so it makes sense we need the same sandbox permissions on both platforms. 1089556 4 251826 ap 2015-04-28 09:33:55 -0700 Comment on attachment 251826 Patch I'd just add this to the "various" section. 1089557 5 251851 cdumez 2015-04-28 09:39:38 -0700 Created attachment 251851 Patch 1089558 6 251851 cdumez 2015-04-28 09:40:29 -0700 Comment on attachment 251851 Patch Clearing flags on attachment: 251851 Committed r183480: <http://trac.webkit.org/changeset/183480> 1089559 7 cdumez 2015-04-28 09:40:34 -0700 All reviewed patches have been landed. Closing bug. 251826 2015-04-27 23:05:57 -0700 2015-04-28 09:39:34 -0700 Patch bug-144315-20150427230449.patch text/plain 1417 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMTgzNDU4CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggYzZmNmZmZGUxNDdkYTM0 NjE5YmI3NTVhYjRjZWNmMjYyZmI3YzMwMi4uZTdmNzNhOWY1YzZmYjg0MzkzZDMwNTA5ZWEwZGY5 YzlmN2Q5NTcyOCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDE1LTA0LTI3ICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgW1dLMl1bTWFjXSBVcGRhdGUg V2ViQ29udGVudCBwcm9jZXNzJyBzYW5kYm94IHByb2ZpbGUgZm9yIEFXRAorICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQ0MzE1CisgICAgICAgIDxyZGFy Oi8vcHJvYmxlbS8yMDcxOTI5Mz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMh KS4KKworICAgICAgICBVcGRhdGUgc2FuZGJveCBwcm9maWxlIGZvciBBV0Qgc2ltaWxhcmx5IHRv IHdoYXQgd2FzIGRvbmUgZm9yIGlPUyBpbgorICAgICAgICByMTgyMjc4LgorCisgICAgICAgICog V2ViUHJvY2Vzcy9jb20uYXBwbGUuV2ViUHJvY2Vzcy5zYi5pbjoKKwogMjAxNS0wNC0yNyAgU3Vu Z21hbm4gQ2hvICA8c3VuZ21hbm4uY2hvQG5hdmVyY29ycC5jb20+CiAKICAgICAgICAgW0dUS10g UmVtb3ZlIHVubmVjZXNzYXJ5IHNlbWljb2xvbiBmcm9tIFdlYktpdE5vdGlmaWNhdGlvblByb3Zp ZGVyLmguCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL2NvbS5hcHBsZS5X ZWJQcm9jZXNzLnNiLmluIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9jb20uYXBwbGUuV2Vi UHJvY2Vzcy5zYi5pbgppbmRleCBmNTg2Y2VlMDNmZjFiM2QwZWViZTIwODcxODU4MmFlZDcyNzky ODFlLi4wZDNmYTAwMGFmMjVlYWY0N2VjMGFiYTEwOTFjMWVjYjRkYjc2ZjE3IDEwMDY0NAotLS0g YS9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL2NvbS5hcHBsZS5XZWJQcm9jZXNzLnNiLmluCisr KyBiL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvY29tLmFwcGxlLldlYlByb2Nlc3Muc2IuaW4K QEAgLTMwNCwzICszMDQsNyBAQAogICAgIChnbG9iYWwtbmFtZSAiY29tLmFwcGxlLmNvcmVtZWRp YS5lbmRwb2ludHN0cmVhbS54cGMiKQogICAgIChnbG9iYWwtbmFtZSAiY29tLmFwcGxlLmNvcmVt ZWRpYS5lbmRwb2ludHBsYXliYWNrc2Vzc2lvbi54cGMiKQogICAgIChnbG9iYWwtbmFtZSAiY29t LmFwcGxlLmNvcmVtZWRpYS5lbmRwb2ludHBpY2tlci54cGMiKSkKKworOzsgQVdECisoYWxsb3cg bWFjaC1sb29rdXAKKyAgICAoZ2xvYmFsLW5hbWUgImNvbS5hcHBsZS5hd2RkIikpCg== 251851 2015-04-28 09:39:38 -0700 2015-04-28 09:40:29 -0700 Patch bug-144315-20150428093830.patch text/plain 1506 cdumez U3VidmVyc2lvbiBSZXZpc2lvbjogMTgzNDU4CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViS2l0Mi9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViS2l0Mi9DaGFuZ2VMb2cKaW5kZXggYzZmNmZmZGUxNDdkYTM0 NjE5YmI3NTVhYjRjZWNmMjYyZmI3YzMwMi4uMjNjYzhiMTVlOGJmMmU3NTkzOGVjMzY5ZjdlODQ5 ZTg1MGQzN2MzMSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJLaXQyL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE2IEBACisyMDE1LTA0LTI3ICBDaHJp cyBEdW1leiAgPGNkdW1lekBhcHBsZS5jb20+CisKKyAgICAgICAgW1dLMl1bTWFjXSBVcGRhdGUg V2ViQ29udGVudCBwcm9jZXNzJyBzYW5kYm94IHByb2ZpbGUgZm9yIEFXRAorICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQ0MzE1CisgICAgICAgIDxyZGFy Oi8vcHJvYmxlbS8yMDcxOTI5Mz4KKworICAgICAgICBSZXZpZXdlZCBieSBBbGV4ZXkgUHJvc2t1 cnlha292LgorCisgICAgICAgIFVwZGF0ZSBzYW5kYm94IHByb2ZpbGUgZm9yIEFXRCBzaW1pbGFy bHkgdG8gd2hhdCB3YXMgZG9uZSBmb3IgaU9TIGluCisgICAgICAgIHIxODIyNzguCisKKyAgICAg ICAgKiBXZWJQcm9jZXNzL2NvbS5hcHBsZS5XZWJQcm9jZXNzLnNiLmluOgorCiAyMDE1LTA0LTI3 ICBTdW5nbWFubiBDaG8gIDxzdW5nbWFubi5jaG9AbmF2ZXJjb3JwLmNvbT4KIAogICAgICAgICBb R1RLXSBSZW1vdmUgdW5uZWNlc3Nhcnkgc2VtaWNvbG9uIGZyb20gV2ViS2l0Tm90aWZpY2F0aW9u UHJvdmlkZXIuaC4KZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvY29tLmFw cGxlLldlYlByb2Nlc3Muc2IuaW4gYi9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL2NvbS5hcHBs ZS5XZWJQcm9jZXNzLnNiLmluCmluZGV4IGY1ODZjZWUwM2ZmMWIzZDBlZWJlMjA4NzE4NTgyYWVk NzI3OTI4MWUuLjQyN2YzYzQ2Nzk4YjI0ODIzMTU5ODc3Mjc4ZWQwOTc0MzhjZDBhZWMgMTAwNjQ0 Ci0tLSBhL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvY29tLmFwcGxlLldlYlByb2Nlc3Muc2Iu aW4KKysrIGIvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9jb20uYXBwbGUuV2ViUHJvY2Vzcy5z Yi5pbgpAQCAtMTc2LDYgKzE3Niw3IEBACiAgICAgICAgKGdsb2JhbC1uYW1lICJjb20uYXBwbGUu YXVkaW8uVkRDQXNzaXN0YW50IikKICAgICAgICAoZ2xvYmFsLW5hbWUgImNvbS5hcHBsZS5hdWRp by5hdWRpb2hhbGQiKQogICAgICAgIChnbG9iYWwtbmFtZSAiY29tLmFwcGxlLmF1ZGlvLmNvcmVh dWRpb2QiKQorICAgICAgIChnbG9iYWwtbmFtZSAiY29tLmFwcGxlLmF3ZGQiKQogICAgICAgIChn bG9iYWwtbmFtZSAiY29tLmFwcGxlLmNvb2tpZWQiKQogICAgICAgIChnbG9iYWwtbmFtZSAiY29t LmFwcGxlLmRvY2suc2VydmVyIikKICAgICAgICAoZ2xvYmFsLW5hbWUgImNvbS5hcHBsZS5zeXN0 ZW0ub3BlbmRpcmVjdG9yeWQuYXBpIikK