Bug 165332

Summary: [Mac] Update sandbox profiles to use modern syntax and avoid duplication
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebKit2Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, andersca, ap, bfulgham
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch andersca: review+

Brent Fulgham
Reported 2016-12-02 13:48:56 PST
Clean up the WebKit Sandbox rules to use the modern syntax: Change from: ;; Read-only preferences and data (allow file-read* … (home-literal "/Library/Preferences/com.apple.ATS.plist") (home-literal "/Library/Preferences/com.apple.CoreGraphics.plist") etc. To: (allow user-preference-read (preference-domain “com.apple.ATS” “com.apple.CoreGraphics” etc.)) Also get rid of duplicated macro and function definitions that are part of the core sandbox language.
Attachments
Patch (17.99 KB, patch)
2016-12-02 13:51 PST, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch (17.62 KB, patch)
2016-12-02 13:53 PST, Brent Fulgham 		andersca: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2016-12-02 13:49:15 PST
<rdar://problem/26898991>
Brent Fulgham
Comment 2 2016-12-02 13:51:48 PST
Created attachment 295992 [details] Patch
Brent Fulgham
Comment 3 2016-12-02 13:53:33 PST
Created attachment 295995 [details] Patch
Brent Fulgham
Comment 4 2016-12-02 14:40:34 PST
Note: The changes in these sandbox profiles have been confirmed (with the Sandbox team) to be compatible with macOS 10.9 and newer.
Brent Fulgham
Comment 5 2016-12-02 15:21:43 PST
Committed r209280: <http://trac.webkit.org/changeset/209280>
Note You need to log in before you can comment on or make changes to this bug.