| Summary: | [iOS] Allow file-read* for Cookies.binarycookies in NetworkProcess sandbox | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Per Arne Vollan <pvollan> | ||||||
| Component: | WebKit Misc. | Assignee: | Per Arne Vollan <pvollan> | ||||||
| Status: | RESOLVED INVALID | ||||||||
| Severity: | Normal | CC: | bfulgham, webkit-bug-importer | ||||||
| Priority: | P2 | Keywords: | InRadar | ||||||
| Version: | WebKit Nightly Build | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Attachments: |
|
||||||||
|
Description
Per Arne Vollan
2019-03-20 16:20:51 PDT
Created attachment 365430 [details]
Patch
Created attachment 365433 [details]
Patch
Comment on attachment 365433 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=365433&action=review > Source/WebKit/ChangeLog:9 > + The sandbox needs to allow reading from and writing to the file Cookies.binarycookies. I'm not sure we need file-write. I think that's handled elsewhere? Or did you see file-write issues? > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:110 > + ((relative-regex #"/Library/Cookies/Cookies.binarycookies$")) Gotta love scheme let syntax. So many parentheses. > Source/WebKit/Resources/SandboxProfiles/ios/com.apple.WebKit.Networking.sb:111 > + (allow file-read* file-write* I think we should limit it to file-read. Do we know of valid file-write cases? Comment on attachment 365433 [details]
Patch
Actually, after investigating further, I don't think we want any of this. I think the sandbox violation we noticed was a bug in shutdown code.
I think this bug was due to a misunderstanding on my part. I'm going to close this as not needed -- I think we may have a bug in the NetworkProcess shutdown code. |