Bug 133750

Summary: Restrict database process profile
Product: WebKit Reporter: Oliver Hunt <oliver>
Component: New BugsAssignee: Oliver Hunt <oliver>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch ap: review+

Description Oliver Hunt 2014-06-11 10:59:51 PDT 
Restrict database process profile
Comment 1 Oliver Hunt 2014-06-11 11:00:24 PDT 
Created attachment 232875 [details]
Patch
Comment 2 Alexey Proskuryakov 2014-06-11 11:32:22 PDT 
Comment on attachment 232875 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=232875&action=review

> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:47
> +;; FIXME: Should be removed once <rdar://problem/16329087> is fixed.
> +(deny file-write-xattr (xattr "com.apple.quarantine") (with no-log))

Please remove this, there is no quarantine.

> Source/WebKit2/Resources/SandboxProfiles/ios/com.apple.WebKit.Databases.sb:50
> +;; Reserve a namespace for additional protected extended attributes.
> +(deny file-read-xattr file-write-xattr (xattr-regex #"^com\.apple\.security\.private\."))

Do any iOS profiles have this, or is it an OS X only thing?
Comment 3 Oliver Hunt 2014-06-11 13:24:15 PDT 
Committed r169821: <http://trac.webkit.org/changeset/169821>